
UPDATES on Viewing Other User Pages, Images & Bill Page Errors

Read here:

haim
Etsy Admin
haim says:
Here’s a quick update on some of the bigger bugs we’ve been fighting…

- The cookie/login issue

We’ve found a bug in how we generate random data that could possibly result in login “collisions”. It’s our theory that user A would login and get his random data token. Sometime thereafter user B would generate the exact same random data thus grabbing user A’s session. We’ve got a short term fix in the works that will highly decrease the chances of that happening. It’s our goal to have that fix pushed out early Wednesday AM EST. In addition we’re working on a larger long term fix to better handle cookies in general.

- 500 errors on the bill pages

Users with a large amount of unbilled charges or a large amount of charges under a single bill would generate “500 errors” when loading pages. We’ve got a fix in the works to paginate out these pages which should resolve the issue.

- Images not loading/hanging

This one is a horrible ghost in the machine. The crazy randomness of this issue along with an inability to recreate on demand is making this one incredibly difficult to track down. We’ve got people looking over every single part of our system to try and find where this gremlin lives. I don’t have any updates for you as of yet, but it’s something we’re all working on.

[Editor-added bolding]
These are updates on issues we covered previously:

- Users reporting seeing other people’s account info, a continuation of our original coverage.
- Image-loading issues.
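
The login "collision" haim describes, worked through as an added example (not Etsy's code; the page does not say how Etsy generated its tokens, so the 16-bit `weak_token` generator and every name below are assumptions). It counts how often a too-small token space hands two users the same session, and shows a store that refuses to issue a token already in use.

```python
import math
import random
import secrets

_WEAK_RNG = random.Random(1234)  # constructed stand-in for a flawed generator


def weak_token() -> str:
    """Assumed flaw: only 16 bits of non-cryptographic randomness per token."""
    return format(_WEAK_RNG.getrandbits(16), "04x")


def strong_token() -> str:
    """128 bits from the OS CSPRNG."""
    return secrets.token_hex(16)


def collision_probability(sessions: int, token_bits: int) -> float:
    """Birthday bound: chance that any two of `sessions` live tokens are equal."""
    return -math.expm1(-sessions * (sessions - 1) / 2.0 / 2.0 ** token_bits)


def crossed_sessions(new_token, logins: int) -> int:
    """Count logins whose fresh token already belongs to another live session."""
    live, crossed = {}, 0
    for i in range(logins):
        token = new_token()
        if token in live:
            crossed += 1          # this user now shares a session with live[token]
        live[token] = f"user{i}"
    return crossed


class SessionStore:
    """Issues a token only if no live session already holds it."""

    def __init__(self, new_token):
        self._new_token = new_token
        self._live = {}
        self.rejected = 0

    def login(self, user: str) -> str:
        while True:
            token = self._new_token()
            if token not in self._live:
                self._live[token] = user
                return token
            self.rejected += 1    # duplicate caught before it reached a cookie

    def whoami(self, token: str):
        return self._live.get(token)
```

The uniqueness check in `login` removes the collision outright, while a wider token from a CSPRNG only makes it improbable; a session layer normally wants both.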

53 Responses to “UPDATES on Viewing Other User Pages, Images & Bill Page Errors”


  1. 53
    JB Says:

    Probably the ONLY thing they learned from the last time this happened was to shut down any reports of it more quickly and not allow any public discussion. Handling it privately would be acceptable *if* they were really handling it, i.e. investigating the CAUSE and fixing that. But from past experience, they don’t ever do that unless there is major public clamoring for something to be done. I definitely believe the public clamor (here on UEN and on the forums) last time is what finally made them fix the bug instead of denying it. And even then it took WAY too long before they took it seriously.
    So if they remove the ability for public clamor, I have grave doubts they will be motivated to fix security bugs instead of sweeping them under the rug. Etsy will just tell the user to clear their cache, which fixes the symptom so that user won’t get the bug anymore for a while, and the user will think the bug is fixed. But it does nothing to prevent someone ELSE from getting logged into YOUR account. So it’s not really a fix.

  2. 52
    ebbandflo Says:

    even more interesting, the OP from today’s thread started a thread in bugs which was closed down by RD stating that since it was a personal issue it would be handled privately.

    denying it is happening again perhaps???

  3. 51
    JB Says:

    KateBlack said:

    Something interesting about the last round of problems with the web accelerator/wrongful-login issue last time was that it appeared several users who logged in and found themselves in an account which wasn’t theirs were in the same user’s account. Ramona.etsy.com. (I remember this because she’s user 666.)

    If Ramona also used a web accelerator then that makes sense, it’s a smaller pool of users who have accelerators so if Ramona’s page views were cached by the google proxy then it makes sense those same cached pages were shown to multiple other users afterwards.
