Frustrated doesn't BEGIN to cover it

Discussion in 'Players Supporting Players' started by Raeven, Jun 25, 2015.

  1. Adevil Well-Known Member

    Honestly, I'm not making accounts all over creation just to report stuff. Rum Cellar beta they wanted us to make a Reddit account. Bugs they want us to make an account with some anonymous fan site. Guide forums - station account login doesn't work there either. Simply, no. If I can't use my station account to log on I just don't use the site.
    Edelphia, Hartsmith, Juraiya and 4 others like this.
  2. Uwkete-of-Crushbone Well-Known Member

    Amen, absolutely. From what I understand, we need a separate account to even check on the Guide events, or at least contribute things like questions, when that used to be part of the forums HERE. >:-(

    Uwk
  3. Spindle Well-Known Member

    The database tracker is easier to use than the in game bug reporter. Far more intuitive.
    Bookmark the site and go there whenever you wish, from in game or even from work )
    Use a familiar login and password for YOU.
    You can vote for bugs that you come across in game and there is a good chance that bug will come to the attention of devs quickly.
    If you don't see what is bugging you, enter your bug. As I mentioned, it's a far easier process than the in game process.

    https://dgcissuetracker.com/secure/Dashboard.jspa?selectPageId=11501
  4. Adevil Well-Known Member

    Sorry, I won't. If Daybreak made a similar site I would use it.
  5. Seefar Well-Known Member

    Though I agree with you that it's not very customer-friendly to have a separate site, at least the guide forums platform does use the same login -- I don't know why yours doesn't work there. Recently, the two seem to have been linked; when I log in here and then follow the link to there, although I'm presented with another 'log in' prompt at the top, when I click it, it logs me in automagically without having to enter my details again. Sometimes (which is a little worrying because it suggests that there's some bugginess there, which is not good in a security system as bugs mean possible points of failure/ potential abuse).
  6. Neiloch Well-Known Member

    So 'all over creation' = 3 if you use guide forums and the reddit forum which is more or less defunct.

    FYI project management tools like the issue tracker site (https://dgcissuetracker.com) uses is utilized by MANY software companies and game companies even if its purely internal to handle all sorts of issues. Its not some random fansite or experimental community, its a serious industry tool.

    /bug and /feedback basically just sent raw/messy messages to devs with little to no organization. TBH I'm surprised they have kept them in now that they use JIRA.
  7. Seefar Well-Known Member

    'All over creation,' for me, involves a password database that contains in excess of 500 logins for umpteen sites... and growing all the time. I don't know about you, but I do more than just play games. It's rapidly becoming ludicrous.

    /bug and /feedback are the only way that Daybreak offers for its paying customers to try to assist it with improving its systems -- and yet you're suggesting they should be ditched? Even if they are "basically just sent raw/messy messages to devs with little to no organization" -- "TBH I'm surprised" that they don't have Jimmy the Intern plugging them into something better...

    The real point here is 'who the heck is JIRA'? Perhaps you aren't aware that SoE had a very serious break-in resulting in loss of personal data a few years back; they lost a good many customers as a result (and I lost some good Norrathian friends, too). This kind of lax behaviour around security is exactly the kind of thing that can lead to such issues.
    Adevil and Kittybock like this.
  8. Neiloch Well-Known Member

    How is this Daybreak's problem? Sounds like you need to consolidate or better manage your usernames and passwords.

    What? It was just outlined that they at least used to use reddt, they use the forums and they also use the issue tracking site. Not to mention special sections for focused feedback from select customers. So no, you are 100% wrong /bug and /feedback are the only ways for customers to help.

    How is this lax behavior around security? They don't even link your game account to the site, that's MORE security, not less. And yes I am aware they had a break in, this means literally nothing in relation to a completely different sites security. That's like saying 'a bank was robbed a year ago, what are you doing about securing my house from burglars?' Two completely unrelated issues.
    Spindle likes this.
  9. Adevil Well-Known Member

    What do you mean by "consolidate"? Same username & password for games, banks, credit cards, etc? Hackers would look at that and think $$PROFIT$$. Personally, I can't remember a dozen different passwords like 3eM,3#!B9?##L]Q!. If you can, congratulations. There is a reason those programs for securely storing usernames and passwords exist. I prefer to minimize the data by avoiding the creation of unneccessary accounts.
    Daybreak has no control over Reddit or the issue tracker. By asking their customers to use those sites they are relying toatlly on security provisions controlled by others. I'm not an IT specialist, but I do know enough to know that creating and securing a site is not something I would want to do. Keeping a web site secure is a full time job, which is why Internet Security specialists get paid rather well.
    Hartsmith and Seefar like this.
  10. Seefar Well-Known Member

    What Adevil said, plus, see this image highlighting some problems with one of JIRA's user login points, which I posted earlier.

    It gets worse.

    In a post above, you link to another login point to the JIRA system:
    ... that currently bears not one warning not to use your station username/password.

    Daybreak has no control over JIRA's systems or employees. It would be child's play to log that user input; and this could allow access to ... how many? users' station accounts -- and, if those users 'consolidate' their passwords, as you so foolishly suggest, possible access to their entire online identities.

    That's one example of lax security behaviour.
    Hartsmith and Adevil like this.
  11. Adevil Well-Known Member

    I'd have to go hunting for the post, but I do recall seeing someone mentioning that their station account and password were rejected there, so players definitely do attempt to log on to that site using those. Logs of attempted logins....child's play. Let's hope they're not selling the accounts they now have access to.
  12. Hartsmith Well-Known Member

    If they really prefer that we use that then they should set /bug to send us to that site logged in under whichever account we are already logged in under so that we do not have to keep track of a gazillion different passwords, etc.
    Seefar likes this.
  13. Hartsmith Well-Known Member

    You say this and then you say...

    Given the fact that every time someone's replied to /petition with a referral to the bug tracker, they failed to mention that it is owned/operated by 3rd party, it becomes Daybreak's fault and is blatant sloppy security for the simple reason that not everyone is going to notice or think that these are separate entities. And it is rather irresponsible of you to suggest to someone to consolidate their usernames/passwords when you obviously know this to be true. That's like saying 'yes that bank was robbed but make yourself a master key that works to open both your account there and your house, anyway.'

    It simply is not good business practice to make PAYING customers jump through hoops in order to get issues resolved, especially when those hoops force customers to utilize 3rd party software.
    Seefar and Edelphia like this.
  14. Hartsmith Well-Known Member

    You might want to go hunting for that and also really stop to think about what you just implied; that Daybreak has already handed all of our username AND passwords to a 3rd party. That would not be a secure thing to do.
    I'm just gonna take a stab in the dark and guess that the post you are referring to is someone that tried to use their login info on the tracker site BEFORE creating an account, but that does not mean that they could not create the new account using the same info used on Daybreak accounts.
  15. Hartsmith Well-Known Member

    I must confess my decision to create a username and password that was sooo completely unrelated to any of my other accounts was totally not based on noticing those statements about the tracker not being Daybreak because I did not take notice of those statements. In fact, what I consciously thought was that dgcissuetracker.com meant that it was still a part of Daybreak games.

    Thank you, Seefar, for posting that link.
    Seefar likes this.
  16. LordTiras Well-Known Member

    OK, stop for a second.

    There is some misinformation going on here that I'm going to try to clarify. Because this is the internet, I bet some of you will simply refuse to believe anything I say no matter what experience I have with this, but I'm going to try anyways.

    In the image, the fact that it says at the bottom "powered by jira..." means NOTHING for security. Absolutely nothing at all. Why? Because that's the software they are using, not who they are. It's a tracking application that you buy from a company named Atlassian and either host yourself or have hosted on a cloud server. I don't know which they are doing with the tracker, but it's unimportant to this point. Saying that "it's powered by Atlassian JIRA therefore that's a security hole" is exactly the same thing as saying "The forums here are run on XenForo software, which wasn't written by Daybreak, therefore using them is a security hole just because of that". It's ignorant of the fact that most companies buy software packages for things like forums, and bug tracking, and internal wikis, etc. So Atlassian's employees, who really have NOTHING AT ALL to do with that site (unless it's hosted on their cloud, at which point they are acting like Dreamhost and hosting the software for whomever paid for it), don't need to be controlled by Daybreak. Just like XenForo's employees aren't controlled by Daybreak and don't need to be. Or Microsoft employees, because after all EQ2 uses DirectX, and you know, a rogue M$ employee might write a hook into the DirectX code and steal your password. :rolleyes:
    Now I can't 100% rule out that it's possible someone has found a way to insert a user/PW logger into Jira on their own site to read what people put in. I know there are a few things in Jira that can't be modified, but while I've been an administrator of the software before, I've never installed it nor have I maintained an installation so I don't know which pieces they are (something I should probably learn to do, actually...). There is a license you can get with Atlassian that gives you the source code, but that's not cheap and they would know who you are. It's highly unlikely that this has been done, as them knowing who has the source makes using it to commit petty thievery really a bad idea. So no, not "childs play", and the people who would be able to readily do that are far more likely to be off committing more serious crimes on the internet than stealing a few dozen DBG logins. It's just a matter of effort vs. reward.

    -------
    Now for my opinion on the matter in general:
    I do think that it would have been ideal for DB to set this up themselves, but it's likely they don't want to maintain it, and they don't want to pay for Jira (I just checked pricing, there is no free option, but the lowest license level is cheap... the next level up is NOT cheap). The thing about tracking bugs is that people tend to write bugs for anything, and you then have to have someone (usually in QA) triage issues, find duplicates, find noise (and spam...) and then pull that together. That's employee time that could be spent doing other work. Having someone outside the company do the same, though is a huge payoff for any company, because now their employees can concentrate on real things (like duplicating in the lab tickets that have been triaged by the community for them), and make the product better. So it's not an ideal setting, but given the cost in time and personnel, this is a win for DBG, and a lot better than having nothing (which is what existed before the tracker).
    Seefar and Spindle like this.
  17. Seefar Well-Known Member

    We've gone just a tad off-topic with this thread, but since we're here...

    You're absolutely right, all of this is very open to misinterpretation. I did not mean to suggest that using the issue tracker would automatically lay all Daybreak access information open for abuse -- it doesn't, though I see how that conclusion might be reached.

    Where I'm coming from is frustration (see thread topic) with computer systems in general, and especially those in relation to security. The security paradigm itself is fatally flawed by the unreasonable expectation that every computer user will make the effort to become knowledgeable in the field. We're all in this together; yet those responsible for building systems bear the greater responsibility, and should not encourage bad practice.

    The only system that Daybreak itself offers its paying customers is through /bug and /feedback. I would have no qualms about using this issue tracking system (it actually looks quite impressive) if Daybreak itself controlled it. But while it sits under another domain and, especially, encourages others to develop slack security habits, I for one will be staying away -- out of principle, I admit. Just call me stubborn.
    LordTiras likes this.
  18. LordTiras Well-Known Member

    As I said I agree that it would be a lot nicer if this was run by DBG. Heck, they might already be using Jira for their own development and QA tracking, meaning it wouldn't be TOO hard to extend it out for quests to use it (there are some issues with that, including security issues, though). Or if they didn't want to open up their internal tracker, set up a second external one (like was done by outsiders in this case) and use that to allow people to enter issues. In fact, I believe Jira has APIs that I believe would allow them to extend the /bug command such that it directly entered tickets into Jira (I know confluence, another Atlassian package, has these and I'm 99% sure Jira has them). Then you could enter a /bug, then go to the external portal and see your ticket that you just entered! It would be a big improvement, for I'm guessing a few weeks of a dev's time (or rather some dev time, and some Jira admin time). In that setup, there is NO security issue as you're entering the tickets from the game, and your access to the Jira db is guest/view only.
    Seefar likes this.