Testing is going along swimingly. I’m quite happy with the core team (of about 6 testers) who have been taking some valuable time and running the site through it’s paces. They’ve been discovering some problems and submitting good, detailed and thoughtful bug reports, and for that, I am very very grateful.
In fact, I’m going to do something nice for our testers. I am not saying what yet, but if you are one of them, and you helped out, I’ll be getting in touch with you. I am very appreciative
Continue Reading »
Anyone who has followed the “saga” of diysearch may be aware of my extremely bad luck with open source web-based applications. Well, that luck is continuing to hold. I use word press for this blog. While I like the features, and enjoy the interface, it to is turning out to be a real, well, piece of shit. I’m sorry, I know a lot of work has gone into developing this and the community support is strong, but their security is painfully lax.
I recently found that my site was used as an IRC server so that scam artists could swap stolen credit card numbers. They injected an IRC system called PsyBNC through an exploit in the XML-RPC system word press uses to expose a remote API for better blog management.
So, I am just bitter.
Well, these people drove a truck through this exploit, setup this IRC server and used it to swap stolen credit card numbers. I have the logs, I have the exploit scripts, I have everything I need that demonstrates exactly how they did this, and all fingers point to word press’s xml rpc script.
This has no real bearing on the actual functioning of diysearch, but since I am a professional software developer, one of the things i love to hate is process flow/architecture diagrams and documentation. Well, since I figure I’m giving this version of this project a real go, I developed a a high-level arechitecture and process flow that illustrates just how the site works and how it was designed (technically speaking).
Continue Reading »
Testing is about to begin. I know my original plan was to have the code migrated from my internal dev machine to the UAT server today. I don’t think that is going to happen. Late last week I realized I had a huge gap in functionality (primarily around user account management and promo functions). Well, I am just finishing filling that hole.
I’m going to still try to get everything into the test environment this week. The go-live date, right now, is not disturbed, everything is still go for the 20th of May.
I know I’ve gotten some contacts from a few folks interested in testing. I’ll be getting in touch within the next day or so to let you know the testing URL.
