Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

View this topic in a long page with up to 500 replies per page Watch this topic Create new topic
1 | ... | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36
6867 posts

Uber Geek
+1 received by user: 320


  Reply # 695750 3-Oct-2012 18:41 Send private message quote this post

DonGould:
gzt: The real question is - are Wheedle willing to pay for the level of expertise and service required?


Job ads I've seen so far would suggest not.?

Please correct me if I'm wrong, but my impression of India is that it's getting to the point where people there with the same level of smarts as we have here in New Zealand know their worth on the international stage and are charging accordingly.




One issue I have found with hiring people in India to outsource to, is are they going to be around in the future to support the software. eg will they be around in a year? The job I had done, the small company I used just disappeared and I have no way now to contact them. That applies to outsourcing, but I guess if you have your own presence over in India to assemble a team with, that would be a different story.

Have plan, send $NZD50m
3454 posts

Uber Geek
+1 received by user: 70

Subscriber

  Reply # 695762 3-Oct-2012 19:06 Send private message quote this post

mattwnz:  One issue I have found with hiring people in India to outsource to, is are they going to be around in the future to support the software. eg will they be around in a year? The job I had done, the small company I used just disappeared and I have no way now to contact them. That applies to outsourcing, but I guess if you have your own presence over in India to assemble a team with, that would be a different story.


Really the same can be said for any software development. 

If you get something developed here locally are the same team members going to be there in 12 months time? 

If you have staff in house are the same guys going to still be with you in 12 months?

I think a bigger issue is code quality and understanding of deployment.

I've seen projects where the developer leaves and you just throw the code in the rubbish because no one else can follow it.  Or code that uses components that no one else has and doesn't know where to get or discovers are really expensive and the guy had as part of something else he was working on.

If you hire young ones locally then they'll want to fly, if you hire older more stable ones (read with family and kids locally in school) then they're more expensive.

Really the bottom line is that something extensive like TradeMe is not cheap to replicate properly in any language in my view.


D




Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - [email protected]


6729 posts

Uber Geek
+1 received by user: 621

Trusted
Subscriber

  Reply # 695799 3-Oct-2012 20:06 Send private message quote this post

DonGould:
rubygirl:  Thanks Carl.Kiss
Still waiting for my job offer tho.


Raises an interesting question though. 

Did this project get out sourced to India because local people just wouldn't touch it?

I mean if someone here came to you and said that they wanted you to replicate TM in this way, what would you really have said?




I don't think they would have approached it like that. They would have said, here is a site we want to emulate and they have taken tenders from various parties, likely chosen this on price and a good sales pitch and then the developers and planners have lacked the skills to do this to a reasonable standard. I am guessing because it's likely the people who ordered the system didn't have the required knowledge they have trusted the developer who has lead them down the garden path.

627 posts

Ultimate Geek

Trusted

  Reply # 695803 3-Oct-2012 20:21 Send private message quote this post

gzt:
Beccara:
networkn: It clearly states they are employing an agency to do an audit.


They going to get an Indian firm to do that too?

Outsourcing has it's place, that place isn't anywhere near this tho


I'm not sure exactly what you are trying to say there.

The fact is a huge proportion of security work is performed on an outsource basis.

If the right person lives in India or if an outfit there has a genuine track record and reputation for the work required and India is the right place to deliver it from then so be it. I have no doubt there are plenty of rightly respected firms offering these services in India.

The real question is - are Wheedle willing to pay for the level of expertise and service required?

Indeed. An awful lot of posters seem to be confusing outsourcing with offshoring.

Outsourcing is hiring an external company/party to do something for you. E.g. Contracting ${web_developer} to develop your site, or ${security_company} to conduct the audit of your site.

Offshoring is hiring (or shifting) jobs to another locale from the primary place of business, typically done for cost reasons.

In this case, Wheedle appears to be offshoring work rather than outsourcing it, since they imply the employees are employed by a Wheedle entity in India. 

Of course, you can outsource to an offshore company and get the best of both worlds.

I wouldn't necessarily pick on the concept of outsourcing or offshoring (or India) - crap outcomes can be achieved just as easily within the domestic market.

1570 posts

Uber Geek
+1 received by user: 11

Subscriber

  Reply # 696158 4-Oct-2012 14:18 Send private message quote this post

This article was just posted on Techday
http://techday.com/netguide/news/wheedle-makes-password-promise-after-privacy-breach/127032/


Wheedle has reassured customers who signed up to its online website, insisting their passwords are safe after privacy fears.

The struggling online auction site, forced to close down indefinitely for repairs on Tuesday, emailed users claiming their private details were not at risk while promising an independent security audit before the site relaunches.

But such reassurances has failed to quash the concerns, as visitors question the way passwords were communicated in plain text in cookies.


[Moderator edit (MF): please do not quote entire articles for copyright reasons]


6867 posts

Uber Geek
+1 received by user: 320


  Reply # 696180 4-Oct-2012 15:16 Send private message quote this post

Just tried the other new site http://www.listselltrade.co.nz/ which was supposed to launch at 3pm. Still not working yet and it is after that time.

Awesome
3855 posts

Uber Geek
+1 received by user: 368

Trusted
Subscriber

  Reply # 696183 4-Oct-2012 15:21 Send private message quote this post

mattwnz: Just tried the other new site http://www.listselltrade.co.nz/ which was supposed to launch at 3pm. Still not working yet and it is after that time.


Maybe it's 3pm India time they mean ;)




Twitter: ajobbins

10704 posts

Uber Geek
+1 received by user: 399

Trusted
Subscriber

  Reply # 696186 4-Oct-2012 15:28 Send private message quote this post

ajobbins:
mattwnz: Just tried the other new site http://www.listselltrade.co.nz/ which was supposed to launch at 3pm. Still not working yet and it is after that time.


Maybe it's 3pm India time they mean ;)


It certainly has slowed somewhat now tho.




Richard rich.ms

6867 posts

Uber Geek
+1 received by user: 320


  Reply # 696188 4-Oct-2012 15:31 Send private message quote this post

I have just revisited, and notice they have remove the '3pm' from the launch date. So it just says thursday. No explanation for the delay. Not a good start for them.

BDFL
49202 posts

Uber Geek
+1 received by user: 4174

Administrator
Trusted
Geekzone
Subscriber

  Reply # 696189 4-Oct-2012 15:34 Send private message quote this post





Tel69
194 posts

Master Geek

Trusted
Subscriber

  Reply # 696279 4-Oct-2012 17:17 Send private message quote this post

"but said members could rest assured their passwords had been strongly encrypted in its database."

I wonder just what encryption they are using.
Totally ignoring the cookie thing itself and the obvious avenues for SQL injection, let alone other methods, Just what encryption which obviously uses a key to decrypt would you trust (hence being able to send out the forgotten password in plain text)?
I personally say none. Compare encrypted values to see if they are the same. There should be no reason or ability to decrypt encrypted data.
Where is this key stored?
If it's in a database then they are stuffed.
We are just talked about passwords, what about credit card information. Is that information stored with Weedle?
Given what we have seen I would hazard a guess they are, but are they encrypted?
Is the CCV stored anywhere?
I wasn't willing to put my credit card number anywhere near the site but should have tried an invalid credit card number to see if it even checked if it's valid.

"complete review of the website, engage an independent firm to carry out a full security check"
I hope that security check does indeed involve all facets of the site and not just "are the passwords safe", (Which we know they are not).

238 posts

Master Geek
+1 received by user: 3


  Reply # 696367 4-Oct-2012 19:53 Send private message quote this post

Well, that Wired writer had every account under the sun stolen from him and all the "hackers" used was a little bit of social engineering and combination of email security flaws frio various big sites.  Wheedle need to think about how they're protecting the ecosystem as a whole...

Have plan, send $NZD50m
3454 posts

Uber Geek
+1 received by user: 70

Subscriber

  Reply # 696377 4-Oct-2012 20:10 Send private message quote this post

PottsyNZ: Wheedle need to think about how they're protecting the ecosystem as a whole...


They've highlighted why paying more is good. 

TradeMe shareholders must be over the moon that the business case for their fee hike has been made.




Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - [email protected]


BDFL
49202 posts

Uber Geek
+1 received by user: 4174

Administrator
Trusted
Geekzone
Subscriber

  Reply # 696378 4-Oct-2012 20:12 Send private message quote this post

DonGould: TradeMe shareholders must be over the moon that the business case for their fee hike has been made.



On this I have to agree.





218 posts

Master Geek
+1 received by user: 3


  Reply # 696423 4-Oct-2012 21:01 Send private message quote this post

If one of these jokers can actually build a secure/stable platform to the run the transactions of a large auction site, I think TradeMe could be easily toppled. The level of customer service, the usability of the site, the auction creation process and the crippling limitations (you can't even properly insert an HTML link, use bullet points, or style the text) is arcane and dated at best.

Searchability and usability is poor in general and most people who have had the 'pleasure' of contacting TradeMe customer service realize that the whole experience could be *vastly* improved.

What is truly telling about the TradeMe group is that they are lazy and resting on their laurels and having no competition. When was the last time their site had an interface update? It has been *YEARS* and now they are only finally looking at a revamp. Look at their othersites like findsomeone for dating. It is a miserable looking website with a horrid interface, yet it is the 'premier' online dating site in NZ.

I hope somebody knocks them off the block.....or at least gets them off their behind and actually investing in the site and the user experience.

For those that think it is impossible for TradeMe to get knocked off.....I remember once upon a time many people saying the exact same thing about MySpace when Facebook emerged. There are countless examples in technology where an entrenched player that owns a market space get's shoved into oblivion by a younger, smarter, and more agile competitor.

1 | ... | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36
View this topic in a long page with up to 500 replies per page Watch this topic Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Lightbox press event release
Created by freitasm, last reply by old3eyes on 1-Aug-2014 15:09 (118 replies)
Pages... 6 7 8


Are IT staff supposed to know everything
Created by BTR, last reply by robjg63 on 1-Aug-2014 15:29 (37 replies)
Pages... 2 3


New Mobile plans coming?
Created by nunasdream, last reply by Yabanize on 1-Aug-2014 15:43 (93 replies)
Pages... 5 6 7


Checking UHF aerial is working
Created by OnceBitten, last reply by B1GGLZ on 28-Jul-2014 21:49 (21 replies)
Pages... 2


2010 Honda Jazz, Suzuki Swift - which has higher maintenance cost?
Created by joker97, last reply by jonathan18 on 31-Jul-2014 10:47 (76 replies)
Pages... 4 5 6


2 x PS4s to give away. Geekzone members only.
Created by BigPipeNZ, last reply by bjorn on 31-Jul-2014 15:43 (72 replies)
Pages... 3 4 5


Hierarchy of a mistake: Gerry Brownlee
Created by joker97, last reply by DonGould on 29-Jul-2014 21:57 (93 replies)
Pages... 5 6 7


"keyless" keys - questions
Created by joker97, last reply by MadEngineer on 30-Jul-2014 22:02 (35 replies)
Pages... 2 3



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.