I love the web. I love web developers. Heck, I love all developers. I co-run a conference about software development because development is creative, fun, profitable, and excellent for New Zealand’s economy. If you want advice about how to be a great developer*, I’m always available to talk, and I’m very friendly.

But right now, I’m angry.

I don’t like being an asshole. Honestly. But if you put your shitty half-assed website online, and shout from the rooftops that you’re going to take down Trade Me, and what’s more you’ve got forty servers and millions of dollars to do it, you’ve gotta bring your A-game. You have to realise that people are already laughing at you because of the “take down Trade Me” comment. They’re already looking to see where you slip up. Don’t give them a wide open target.

Don’t be putting up a website that looks like it’s coded by 50 monkeys in a room bashing keyboards with their copies of “An Idiots Guide to HTML”. It’s not like product development where you can hide the rough edges inside a shiny casing. We can see how good the website is just by viewing pages.

Seriously, I don’t throw around the term “shitty half-assed website” easily. I’d be appalled if someone called something I’d built shitty and half-assed. I’d wonder what I had done to deserve such abuse. I’d go back and look at my code and try to understand what offended them so.  If I looked and found some of this stuff, I’d hang my head in shame:

  • Security holes you can drive a truck through. Holes that are clearly listed on the OWASP top 10. Total newbie errors.
  • Passwords sent in clear-text over email, who cares if they are stored in reversible encryption: if you can decode my password on the server, you are Doing It Wrong.
  • Unfinished features, like being completely unable to edit images on an auction.
  • Spelling mistakes all over the place.
  • Blank emails sent to customers to notify them of auction events.
  • Horrible UX issues like not being able to submit a search (aka your website’s number one use case) with the enter key.

So yes, your website is shitty and half-assed, and you should feel bad. You’re giving web development a bad name.

What’s more, if you put up another shitty half-assed website within days of this huge failure and claim to be “better”, you have zero leeway. You’ve just watched someone else go down in flames. The least you can do is ask your developers if they’ve taken rudimentary steps to secure the website. Like maybe even sanitising user input to remove script tags?

I sound like a complete cocky asshole in this post, but it’s because I’m bloody angry. There are hundreds of wonderful, dedicated, skilled web developers in New Zealand, and this week’s embarrassment is an offence to all of them.

Wheedle and ListSellTrade, go and get some expert advice from these people. Trust them, listen to them when they tell you what is required of you, and help make the web a better place.

* I’m not a great developer. I’m a good developer who has some ideas about how to get better.

Join the Conversation

16 Comments

  1. You’re completely right Ben, you only get one chance to do something like that, and if it doesn’t work the first time you’re pretty much screwed. People know the site is coded badly, hackers know there may be more exploits. The website is now nothing more than a challenge to hackers. I won’t be putting my information up on there.

  2. “There are hundreds of wonderful, dedicated, skilled web developers in New Zealand, and this week’s embarrassment is an offence to all of them.

    Wheedle and ListSellTrade, go and get some expert advice from these people. ”

    And there in, from what I read, is the problem. They didn’t (at least, Wheedle didn’t). They outsourced it to a cheaper country:

    http://jobsearch.naukri.com/job-listings-Asp-net-Developers-2-x-Senior-Positions-Wheedle-Ernakulam-Kochi-Cochin-5-to-10-021012000040

    That might end up being a very costly mistake for them….. One chance to make a first impression and all of that.

  3. As an antidote, spend tomorrow checking out some new well built, kiwi made web apps Ben. You can start with Timely.co.nz 🙂

    Part shameless plug, part genuine observation about how much air time these poorly executed apps are getting…

  4. Absolutely. This stuff is web development 101. Although, to be fair, my (reasonably recent) university degree had a single course on web development – and very little mention of a lot of this stuff.

    What’s more, in the case of website #2, they blow their credibility for the rest of their business. Schocking.

    1. This is not easy stuff to get right, many high profile sites, NZ and internationals have holes. Professionals have the responsibility to know when they are in above their heads and get outside help, consulting, testing whatever.

      As we have all seen the results can be shocking, with Wheedle now a synonym for failure and LST threatening another long established business. I suspect that a very high percentage of low traffic sites in nz would have security holes but no one cares enough to exploit them

  5. If you ever needed a case study of how not to buy sophisticated technology on the cheap from near-slaves in a third world country, this is it.

    1. Not true for ListSellTrade, unless you count the south island as a third world country…

      My experience with developers in Asia is that they’re the same as NZ – some good, some bad. If Wheedle made the effort to find good developers then provided them with a good spec then they could have avoided these problems. I’ve seen software outsourced to firms down the road that was just as bad as this.

      1. It’s a global market. Someone who can make $120k in NZ isn’t going to stay in India on $20k. They’re either going to migrate, or sort out a deal that gives them proper wages at home.

        The people you get for $20k are the ones posting dumbass “please do my homework” questions on your favourite tech question site.

  6. I think that commenters need to be mindful that outsourcing was not the cause of these problems per se. Yes it hurts that jobs were pushed overseas, but the idea that offshore developers are inherently inferior is a dangerous assumption.

    That’s evident in the ListSellTrade launch. What both sites appear to lack is experienced technical oversight and attention to detail. It’s one area where the Kiwi no8 wire “she’ll be right” mentality really let’s us down. You can’t build software like that, especially not while challenging NZs number 1 web property.

    1. Completely agree. Outsourcing is not the (only) issue here. You can perhaps attribute a tiny bit of the blame to bad comms with the development team, but by the looks of Wheedle, there were *no* comms with the development team.

  7. If you think the reason for their failure was their use of off-shore developers, you’ve got a horrible surprise coming. However much of a disaster wheedle’s off-shored development turns out to be, it pales in comparison to the hundreds of millions shovelled into the furnace of government and enterprise IT projects.

    It’s worth remembering that the people who advised on the development of this site, and the people who built it, are likely earning salaries that place them in the top few percent of the country as a whole. There’s zero accountability in our industry and it’s time people stopped being so ‘friendly’ and ‘understanding’.

  8. Thanks Ben – I think your post represents what a lot of local developers are thinking at present.

    Wheedle:

    I was really excited when I heard a new player was coming to the online trading market. But to be honest – when you’ve made most of your money from local trading (I would assume this is true) & start shouting about how much of a financial backing you have and STILL choose to bypass our great local talent, well don’t be surprised if that talent chooses to brush over your product with a fine-comb (not that a fine-comb was needed – this was 101 stuff).

    Yes, there is also amazing talent in India but this was a management issue – I don’t think the time was taken to ensure that the right people were found.

    And as many others have mentioned – I don’t think just having lower fees is going to be enough to topple Trademe. Well, not yet anyway. A new business model is needed that changes the way people trade. This is what Trademe succeeded in initially (snuck in before eBay locally). I don’t know what that business model is but surely after two years dedicated to a project and $10 million behind it they could’ve come up with something that wasn’t a Trademe clone.

    ListSellTrade:

    I hate to say this but I’m sure that any decent developer looking at this site for the first time had their doubts about whether it would succeed.

    As soon as site features are disabled using javascript – that’s enough for me. And it’s ironic really in that hitting ‘Enter’ on Wheedle would not trigger a search when it should’ve but doing so on ListSellTrade (even now) will trigger a search even when it shouldn’t (javascript enabled)..

    But what shocks me most about this site: they are a design company! You would think the one thing they would get right would be the design. To me, it’s ugly. The little things haven’t been considered – line-spacing is off, even the favicon not being transparent puts me off. Perhaps the answer lies at http://www.treacyadvertising.co.nz/

    Sorry about the rant but I’m with you. There is great talent out there and these sites are just embarrassing for those people. I would like nothing more than a worthy challenger to emerge but it wasn’t (and isn’t going to be) either of these two.

  9. I remember last year when I first signed up then forgot my password… It made me very angry when they sent my password back in plain text. Like you said, they should have provided better encryption, as well as salted all passwords (did they even salt passwords at all?). Being a 3rd year I.T student, I knew Wheedle was a failure as soon as I seen it – I didn’t enjoy the user experience at all, and who knows what evil-doer could hack into my account with plain text passwords…

    I really think they should have 2-factor authentification on their site – I had to install this on my own site because of a few intrusion attempts.

    Sorry for replying to an old post, but came across it while searching for something else. Weedle’s site looks a lot more promising now – lets hope their PR campaign can restore/create some faith in their product.

Leave a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: