Wheedle shuts down to fix security flaws
Wheedle, which launched yesterday as a competitor to online auction site Trade Me, has gone into maintenance mode once again to fix several security and process flaws with its website.
An announcement sent out by Wheedle's managing director Carl Rees this afternoon says the site is closed for "a thorough update of its systems and processes".
"Operating issues were identified and our determination to ensure we can provide a level of service we are satisfied with means that we have elected to close the site until we can complete a comprehensive audit of our systems and make the necessary improvements," says Rees.
Wheedle experienced its first technical hiccup yesterday morning when its site was down for maintenance on the launch day.
It soon came to the attention of early adopters that users could have their passwords emailed to them in plain text. While this does not necessarily mean the passwords are unencrypted at the database level, it does mean that any encryption in use is reversible.
Just tried a password recovery on Wheedle. Was emailed my password in plain text. Not cool. twitter.com/simantics/stat…
— Sim Ahmed (@simantics) September 30, 2012
Today the site was down for further temporary maintenance, when it was discovered that the reserve and buy now prices of auctions could be tampered with by users other than the auctioneer.
You can buy anything for any price on Wheedle. Just visit wheedle.co.nz/Search/editpri… after viewing an auction, and set your desired reserve.
— nzben (@nzben) October 1, 2012
Rees told The NBR that the entire saga has damaged Wheedle's brand.
"It's a pain in the arse. It's hurting us," says Rees.
Rees says the development of the Wheedle website was outsourced to developers in India, but maintains that was not the problem as staff were overseeing the development there.
Rees told The NBR that the problem was simply due to the deadliest of programming sins, a lack of testing.
Trade Me is a part of Fairfax Media, which publishes Computerworld.
Posted by Anonymous at 0:05:55 on October 4, 2012
With (iii) you get 'object is null' and 'data parameter type mismatch' type errors splattered all over your web page. We're not getting those so it is (i) or (ii) i.e. looks like a trainee analyst that didn't understand the subject matter.
The test programme will be over quality of the development - did India deliver programs to spec? I have found Indian development to be precise to the spec - they are generally on a fixed price and deliver nothing in addition to the spec - so you had better hope the spec is right. If the spec didn't say to lock down the 'edit buy now price' function they won't have done this.
My guess is the Indians delivered exactly what they were asked to - nothing more, nothing less - and this is simply a situation of a system designed by someone new to the area. Kind of like designing high-rise buildings in Christchurch; you can't blame the guys that mixed the concrete.
Either that, or it was built to a budget.
Posted by Anonymous at 15:52:30 on October 3, 2012
These are core skills of a competent developer. To have this site launched without these things being considered is proof that the developers *are* in fact incompetent.
Posted by Mark L at 9:43:25 on October 4, 2012
Posted by Anonymous at 18:02:02 on October 3, 2012
Posted by Anonymous at 10:21:04 on October 3, 2012
These problems will not take days to fix, more like weeks or months... but they will be back earlier than that... and people will be ready to point out newly found flaws... site down again.
Outsourcing or otherwise these guys have no clue, all trust is lost.
Wanted this to succeed but after this poor show so early on I highly doubt it.
Posted by MAT at 22:50:35 on October 2, 2012
This is software 101.
Posted by Jeff at 14:16:48 on October 3, 2012
You're still right though, this isn't about bad testing. It's about bad requirements specification, naive design and poor project oversight.
The coders in India could be CMM Level 5 for what it's worth, but if the requirements, design and governance were "Made in New Zealand" that means they're no doubt tainted by the ridiculous "Number 8 Wire" and "She'll be right" attitudes that are destroying our industry.
Posted by Anonymous at 9:23:44 on October 3, 2012
I guess Mr Rees strikes me as poorly-qualified, poorly-experienced or poorly-informed. Or perhaps a mixture.
Posted by Anonymous at 9:26:32 on October 3, 2012
Posted by Taxpayer at 20:06:45 on October 2, 2012
