Guest Posted June 9, 2021 Trying to login to https://quality.embarcadero.com/login.jsp triggered me and i want to give an advice to everyone Look at other websites before designing your own, and don't violate your visitor privacy for gain or out of stupidity, this will not run well with the current laws. First The above link does ask for CAPTCHA in most ugly way, like this You can see clearly the autocomplete is hiding the thing, no page ever did that stupid thing with captcha under its input field, Second You want analytics for your site, then that is ok and within your right, but allowing some shady tracking stuff is a NO unless you are planning to sell your domain I have many extensions in my browser to protect and filter out most the nasty stuff in the https://www.embarcadero.com page, so i went to an extra length to show you this salad I you want analytics then pick one freaking method instead of using 102340 tracking method, without notifying your visitors, every one should by now have heard about GDPR, and delegating that shit to other 3rd-party doesn't absolve you from consequences. So Facebook, Google, Tawk, batshit Bing, Twitter, Eloqua, and that very shady en25 script !! was it enough ? Don't do that for your visitors, but if you need all of that then you might add yahoo to that orgy and you can ask publicly, we the visitor gladly can suggest few useful tracking links to violate your visitors privacy even more. ps: many if you might heard about hidden pixels ( called tracking pixels sometimes) and here you can see them on your beloved site, now you can see it Share this post Link to post
Anders Melander 1783 Posted June 9, 2021 57 minutes ago, Kas Ob. said: The above link does ask for CAPTCHA in most ugly way, like this You can see clearly the autocomplete is hiding the thing, no page ever did that stupid thing with captcha under its input field, The login looks like the standard JIRA Server login page so it's probably designed by Atlassian. While they're not known for their usability skills I don't see a big problem with it. You can blame the autocomplete on your browser. As far as the tracking on the main site goes, yeah that sucks. Luckily Firefox blocks all of it. Share this post Link to post
Guest Posted June 9, 2021 12 minutes ago, Anders Melander said: The login looks like the standard JIRA Server login page so it's probably designed by Atlassian. Not saying i saw many Jira login pages but never seen this one anywhere, also it is fully customizable as always. 14 minutes ago, Anders Melander said: You can blame the autocomplete on your browser. My browser autocomplete never failed me 😎, it is always working and never crash my browsing sessions, will not blame it. Share this post Link to post
Anders Melander 1783 Posted June 9, 2021 14 minutes ago, Kas Ob. said: Not saying i saw many Jira login pages but never seen this one anywhere, also it is fully customizable as always. It's Atlassian. If you want to customize the UI you will have to modify the source and probably recompile JIRA. I think Atlassian invented suckage. Embarcadero has customized it a bit but I'm guessing they did that by tweaking the CSS. Here's what the standard JIRA Server 7 (they're on v6) login looks like: 14 minutes ago, Kas Ob. said: My browser autocomplete never failed me 😎, it is always working and never crash my browsing sessions, will not blame it. So your browser is able to autocomplete captchas? Impressive! Must be that there new artificial intelligence thing I've been hearing about... 🙂 1 Share this post Link to post
Guest Posted June 9, 2021 22 minutes ago, Anders Melander said: So your browser is able to autocomplete captchas? I used autocomplete and that was wrong wording, i didn't mean autofill. Share this post Link to post
Guest Posted June 9, 2021 @Anders Melander, so ok, they use Jira... I know you said that to add information in order to cater for the OPs ruminations. But i cannot refrain... All decisions are decisions and someone "took" them. M: So we want a captcha. DV: It's a bit tricky in Jira. M: So do trickery, then. DV: OK. Result: nobody no-one not anyone "own" or remembers this. Kas Ob (and me) suffers... Should have been (1): M: So we want a captcha. DV/A: Why? M.... Result: working login Jira page. Should have been (alt 2): M: So we want a captcha. DV: It's a bit tricky i Jira. A: Why do we want a captcha? Why do we need Jira? What is would the results of a "trick" be? DV/M/A: [5 hours of weighing scenarios] Fuck captcha! Result: working login Jira page. ** or ** Should have been (alt 3): M: So we want a captcha. DV: It's a bit tricky i Jira. A: Why do we want a captcha? Why do we need Jira? What is would the results of a "trick" be? DV/M/A: [5 hours of weighing scenarios] Fuck Jira! Result: Neat and nice clamped down system for doing what is important. Happy Kas (and me)! ** or ** Should have been (3): M: So we want a captcha. DV: It's a bit tricky i Jira. A: Why do we want a captcha? Why do we need Jira? What is would the results of a "trick" be? M/A: [5 hours of weighing scenarios] Fuck the DV, get his a** kicked! Result: Better Emba. My $.005 Share this post Link to post
Guest Posted June 9, 2021 5 hours ago, Kas Ob. said: ps: many if you might heard about hidden pixels ( called tracking pixels sometimes) and here you can see them on your beloved site, now you can see it It's kind of funny that they (fb) used the path "tr" for that endpoint. TRacking. Why did you put the red square on the google gets above and below? Are you saying the above and below requests are related or is it to emphasize the double square to the right? Share this post Link to post
Guest Posted June 9, 2021 4 minutes ago, Dany Marmur said: Why did you put the red square on the google gets above and below? Are you saying the above and below requests are related or is it to emphasize the double square to the right? Good question, although squaring google gets is a mistake, look at how manipulative is that, it is done twice by Facebook tracking and identifying system to insure they received your specific information, once with GET and the information are loaded in the path, the second was with POST and the load in the http header and to bypass many filters the request had 0 byte response, in other cases you will see dropped connection without even a response like 200, this and many other tricks are used to fool filters and known blocking methods. Also want to recommend everyone to disable cross site cookies, it is very important and without disabling it in your browser these sites will continue to track every page you visit, Google "prevent cross site cookies" for more information. One more thing, the welcome page in the IDE is first thing i remove, but does anyone know what embedded browser allow or bring to you? it is for everyone to decide. Share this post Link to post
Anders Melander 1783 Posted June 9, 2021 8 minutes ago, Dany Marmur said: But i cannot refrain... All decisions are decisions and someone "took" them. I don't get this moaning about the captcha at signup. AFAIK it's an standard option in JIRA so it's easy to turn on or off. There's no effort involved. My physic powers are limited so I don't know why they chose to enable it but I'm guessing they had a good reason. Apparently others know better. I agree that it would be better to have the captcha above the input field but it isn't really something I can get upset about. Click another field, read the image, enter the text and move on. Share this post Link to post
Guest Posted June 9, 2021 In fact Jira have captcha that can be enabled and here how to enable it https://confluence.atlassian.com/adminjiraserver080/enabling-public-signup-and-captcha-967897139.html So someone really did walk an extra step to redesign it, and all what i want to point is some bad practices, and brought as an example two links that sometimes i have to click. Share this post Link to post
Guest Posted June 9, 2021 17 minutes ago, Kas Ob. said: Also want to recommend everyone to disable cross site cookies You mean "client side", in all invocations of all the browsers i personally use? Server-side i deliver *everything* from the same server. No CDNs, no trickery, no 3rd party anything. Just knockout.js (and bootstrap but that sh*t that will be purged in 6 months hopefully, meaning jQuery will go away too). Thanks! Share this post Link to post
Guest Posted June 9, 2021 1 minute ago, Dany Marmur said: You mean "client side", in all invocations of all the browsers i personally use? Yes, meant the browsers aka client side. Share this post Link to post
Fr0sT.Brutal 900 Posted June 28, 2021 Shouldn't CAPTCHA fields have "autofill =no" (don't know exact naming) property set? Share this post Link to post
Guest Posted June 28, 2021 2 hours ago, Fr0sT.Brutal said: Shouldn't CAPTCHA fields have "autofill =no" (don't know exact naming) property set? Attribute? <tag-name attribute-name="attribute-value"></tag-name> Share this post Link to post
Fr0sT.Brutal 900 Posted June 28, 2021 30 minutes ago, Dany Marmur said: Attribute? <tag-name attribute-name="attribute-value"></tag-name> Sure Share this post Link to post