[ANN] Hey, BitMe! (#bitme)

[freewil]

Yes, javascript should never add features to the system. JS should be used to cosmetical things or to make some features easier to use. Therefore the javascript-method to disable multiple form sending is bad method. Should be done with confirmation page or something like that.

Also when you're adding an order, it should classify what went wrong if an error occurred in order placement (instead of "An error occurred!").

Turned javascript off after loading dashboard page, then clicked on Orders->New and it threw to Error 404 -page.

Yup, compatibility without javascript is a known issue.

[1714804662]

1714804662

[1714804662]

1714804662

[1714804662]

1714804662

[1714804662]

1714804662

[flatfly]

Hi,

a little cosmetic issue:

The password strength meter in the Join page works, but doesn't look quite right on
IE8. (There's no background color)

[bencoder]

I've managed to spam the orderbook by doing tiny increments in rate and have drowned out everything on the USD side of the order book using less than 1 USD in funds. Now nobody can see what's available. I'm sure i could do the same on the BTC side if i had any left and there was anything to drown, making the orderbook useless.

I think to solve it the order book should be put into bins, so it's more a rough idea of the quantity at each rate, by combining all the quantities at the rates say between 15 and 15.01, or you shouldn't allow quite such small increments in rate. Or maybe it should be left as it is. I suppose when there's active trade across the spread it won't be an issue because those micro orders will be picked up as soon as there's a trade. But I think there should be some way to see more of the orderbook if someone does do this and while you still have low activity on there.



Not really a bug but the way the order book doesn't update even when you place an order kind of bugs me

[freewil]

Hi,

a little cosmetic issue:

The password strength meter in the Join page works, but doesn't look quite right on
IE8. (There's no background color)

confirmed, 5 BTC

[freewil]

I've managed to spam the orderbook by doing tiny increments in rate and have drowned out everything on the USD side of the order book using less than 1 USD in funds. Now nobody can see what's available. I'm sure i could do the same on the BTC side if i had any left and there was anything to drown, making the orderbook useless.

I think to solve it the order book should be put into bins, so it's more a rough idea of the quantity at each rate, by combining all the quantities at the rates say between 15 and 15.01, or you shouldn't allow quite such small increments in rate. Or maybe it should be left as it is. I suppose when there's active trade across the spread it won't be an issue because those micro orders will be picked up as soon as there's a trade. But I think there should be some way to see more of the orderbook if someone does do this and while you still have low activity on there.

I put this on my todo list as an enhancement. I think combining them into different "bins" is a good idea, but I don't want to do that without giving the user the ability to change at what precision it does this.

Not really a bug but the way the order book doesn't update even when you place an order kind of bugs me

Me too

5 BTC

[flatfly]

Looks like the current site is vulnerable to a DoS attack through the 'withdraw' method:

In the withdraw form, enter a 34-digit address and any amount of BTC (doesn't matter if you
have them or not), and quickly hit 'Enter' 30 times or more, in rapid succession. The whole site
appears to become unresponsive for at least 10 seconds.
.

[Anduck]

In IE8,
"© 2012 BitMe, LLC
Terms of Use
#bitme on FreeNode" isn't where it's supposed to be when logged in. Also header looks different.

"Last Execution BTC / USD 0.5x @ 15" is there supposed to be 0.5x something?

Also, cosmetically site doesn't work in mobile platforms. Tested with Nokia N9, functionality was good except i couldn't deposit USD another try and it worked!

[freewil]

In IE8,
"© 2012 BitMe, LLC
Terms of Use
#bitme on FreeNode" isn't where it's supposed to be when logged in. Also header looks different.

Confirmed, 5 BTC

"Last Execution BTC / USD 0.5x @ 15" is there supposed to be 0.5x something?

This is the intended display, the 0.5x is the quantity and 15 is the rate. This means there was an execution of 0.5 BTC at a rate of 15 USD, (0.5 BTC was traded for 7.5 USD)

Also, cosmetically site doesn't work in mobile platforms. Tested with Nokia N9, functionality was good except i couldn't deposit USD another try and it worked!

Yup, mobile platforms is on my known issues list

[Anduck]

Trying IE7 now, many cosmetic problems. "Logout"-bar, header, Green/red info boxes bugging weirdly, deposit-page table (and tables overall (except orderbook page) are scaling to window width), footer info at wrong place (like in IE8), transaction-page bugging overall. Also can't, for example, place orders with IE7 (maybe applies to IE8 too) even with javascript turned on. Also can't see USA-flag at all with IE7.

Also, thanks!

EDIT: Can place orders but no notify or site changes if order placed. But if error occurs, the message will show.

[freewil]

When I visit https://test.bitme.com/dashboard/transactions/USD I get a message in Chrome stating that the page is in Vietnamese.. Any idea what might be causing this?

When I click translate, commas get added to certain values. 10840 becomes 10,840

Chrome's autotranslate feature seems to be have some issues, I even just tried to explicitly set the language as english via a "Content-Language" header. Google Chrome still seems to want to offer to translate the page for some reason.

https://groups.google.com/forum/#!msg/google-translate-general/IGYJ6ODH5s4/T2Jx7Dh6JbMJ

[freewil]

Trying IE7 now, many cosmetic problems. "Logout"-bar, header, Green/red info boxes bugging weirdly, deposit-page table (and tables overall (except orderbook page) are scaling to window width), footer info at wrong place (like in IE8), transaction-page bugging overall. Also can't, for example, place orders with IE7 (maybe applies to IE8 too) even with javascript turned on. Also can't see USA-flag at all with IE7.

Also, thanks!

EDIT: Can place orders but no notify or site changes if order placed. But if error occurs, the message will show.

Yeah, looks like IE needs some work, I hadn't tested it at all in IE before.

[Anduck]

I don't think support for <IE7 should be high on the priority list anyways..

Wasn't it 10% of web browsers are _STILL_ IE6! And think how much IE7 or IE8 there are..

Edit: Fordy, you're right that <IE7 shouldn't be on high priority list so people would get better browsers.

[rjk]

I don't think support for <IE7 should be high on the priority list anyways..

Wasn't it 10% of web browsers are _STILL_ IE6! And think how much IE7 or IE8 there are..

Edit: Fordy, you're right that <IE7 shouldn't be on high priority list so people would get better browsers.

Even Microsoft itself hates IE6 and has launched a campaign to get rid of it: http://www.ie6countdown.com/

[freewil]

I'm not going to support older than IE8. I think the amount of IE users in the Bitcoin community is probably significantly lower than the general population.

[flatfly]

Looks like the current site is vulnerable to a DoS attack through the 'withdraw' method:

In the withdraw form, enter a 34-digit address and any amount of BTC (doesn't matter if you
have them or not), and quickly hit 'Enter' 30 times or more, in rapid succession. The whole site
appears to become unresponsive for at least 10 seconds.
.

Hi Sean, have you had a chance to take a look at this one? I just want to make sure you didn't miss that post due to the high activity in the thread yesterday.

[freewil]

Looks like the current site is vulnerable to a DoS attack through the 'withdraw' method:

In the withdraw form, enter a 34-digit address and any amount of BTC (doesn't matter if you
have them or not), and quickly hit 'Enter' 30 times or more, in rapid succession. The whole site
appears to become unresponsive for at least 10 seconds.
.

Hi Sean, have you had a chance to take a look at this one? I just want to make sure you didn't miss that post due to the high activity in the thread yesterday.

Hey, sorry, I started to reply before but must have gotten distracted. I'll keep this in mind but I'm not going to worry about this too much. What this does is not really that expensive of an operation. It makes me wonder if I happened to have restarted the web server at the same time you were trying to do this. Currently, all my javascript is bundled and built the first time a user visits the site upon restart, so this could appear as a long 10second delay to that lucky user.

[flatfly]

Looks like the current site is vulnerable to a DoS attack through the 'withdraw' method:

In the withdraw form, enter a 34-digit address and any amount of BTC (doesn't matter if you
have them or not), and quickly hit 'Enter' 30 times or more, in rapid succession. The whole site
appears to become unresponsive for at least 10 seconds.
.

Hi Sean, have you had a chance to take a look at this one? I just want to make sure you didn't miss that post due to the high activity in the thread yesterday.

Hey, sorry, I started to reply before but must have gotten distracted. I'll keep this in mind but I'm not going to worry about this too much. What this does is not really that expensive of an operation. It makes me wonder if I happened to have restarted the web server at the same time you were trying to do this. Currently, all my javascript is bundled and built the first time a user visits the site upon restart, so this could appear as a long 10second delay to that lucky user.

Actually, I did think it could be related to some JIT process or you restarting the server, but I was able to rule this out - I tried at different times of the day, and I can still reproduce the effect right now.

Anyway, I can understand that it's not a priority for you at this time, but please don't underestimate this issue,
as any script kiddie could potentially DoS (or DDOS) the site through that way - heck, a script isn't even necessarily needed to do it.

[freewil]

Anyway, I can understand that it's not a priority for you at this time, but please don't underestimate this issue,
as any script kiddie could potentially DoS (or DDOS) the site through that way - heck, a script isn't even necessarily needed to do it.

Thanks a lot for this one flatly. I noticed a problem with how I was caching the js building, so it was actually being done on every request before! I've gone ahead and fixed this and the site should be noticeably more responsive. I've run out of BTC, but I owe you 20 for this one.

[flatfly]

Anyway, I can understand that it's not a priority for you at this time, but please don't underestimate this issue,
as any script kiddie could potentially DoS (or DDOS) the site through that way - heck, a script isn't even necessarily needed to do it.

Thanks a lot for this one flatly. I noticed a problem with how I was caching the js building, so it was actually being done on every request before! I've gone ahead and fixed this and the site should be noticeably more responsive. I've run out of BTC, but I owe you 20 for this one.

Great! I'm glad I could help, and I like how you really are a man of your word.

[flatfly]

Just a small thing: in the terms of use, it seems there's a word missing in the below sentence:

We will collect and use of personal information solely with the objective of fulfilling those purposes
specified by us and for other compatible purposes, unless we obtain the consent of the individual
concerned or as required by law.

->

We will collect and make use of personal information solely with the objective of fulfilling those purposes
specified by us and for other compatible purposes, unless we obtain the consent of the individual
concerned or as required by law.