Development Feedback

[jmo1121109]

As you may have noticed, there's been some recent development work on the site. One of the main goals is to get the sites appearance modernized eventually. Instead of doing that all at once, which would be a near impossible undertaking, I'm working on it a page at a time while updating content too.

Some recently added or changed pages include: http://www.webdiplomacy.net/detailedSearch.php
http://www.webdiplomacy.net/rules.php
http://www.webdiplomacy.net/contactUs.php
http://www.webdiplomacy.net/faq.php
http://www.webdiplomacy.net/tournaments.php
http://www.webdiplomacy.net/halloffame.php
http://www.webdiplomacy.net/credits.php

If you haven't yet, please take a look and then provide feedback in a helpful way. So if you dislike something explain why and how you think it could be better. Mockup's or examples would be highly appreciated

The other questions I'd like answered are:
1. What is your dream feature(s).
2. What is your least favorite thing(s) about the site (feature wise).

*Note: restyling a page is a great way to start with some basic coding for the site. bo_sox48 redid the credits page in one of his first code contributions to the site today. And I'm happy to help anyone who needs some help getting started.

[VillageIdiot]

Always awesome to see new features, great job!

Feedback:
On the “Search Games by User”, it’s probably not practical to expect the user to use userID as opposed to user name. Most people probably wouldn’t even know where to find this and even if they did it takes a bit to go grab.

On the rules and faq page I’d recommend going with accordion panels (so only one panel is open at a time). Just makes it easier to browse and fewer clicks.

Dream Features: Email notifications. Live GR updates.

Least Fav Thing: Search feature in a users profile doesn’t persist with pagination.

[Mercy]

Awesome work, jmo!

I second this:

On the “Search Games by User”, it’s probably not practical to expect the user to use userID as opposed to user name. Most people probably wouldn’t even know where to find this and even if they did it takes a bit to go grab.

And will now talk about my dream feature.

I think webDiplomacy should adopt the NMR system from vDiplomacy. In vDiplomacy, if a player misses a phase in one of the first X turns of the game, that player gets kicked out and the phase gets extended by one phase length in order to find a replacement, up to a maximum of Y times. By default, (X,Y) = (2,1), but players can manually change this when creating a game.

As a result of this feature, it virtually never happens that a power doesn't enter orders in the first year of a game on vDiplomacy.

This feature would work well in combination with the following: In addition to displaying upcoming live games on the home page, I think it would work well if joinable live games were displayed, too. In that case, whenever someone signs up for a live game but fails to enter orders in the first turn, everyone online gets the chance to take over their position; and since the phase got an extend and no one moved yet, they do not take over positions that are disadvantageous.

I think this would significantly boost live game experience, and I would predict more live games will be played as a result.

Also, vDiplomacy has point and click, which of course would be very helpful to get ported over here, too, but I believe this was already on your list to do.

[UndergroundOli]

One thing you already seem to partially have implemented is having all my units listed in alphabetical order. In some games this is the case, separating armies from fleets and then sorting alphabetically (which is perfect imo) but then this isn't the case for some of my other games. Might just be me missing something, but I think it would be much easier, especially when you get to a large number of units, to find the one you're looking for if they're in alphabetical order.

[Mercy]

One thing you already seem to partially have implemented is having all my units listed in alphabetical order. In some games this is the case, separating armies from fleets and then sorting alphabetically (which is perfect imo) but then this isn't the case for some of my other games. Might just be me missing something, but I think it would be much easier, especially when you get to a large number of units, to find the one you're looking for if they're in alphabetical order.

In vDiplomacy you can choose how you want your units to be ordered (in alphabetical order, or in order north-south, whether you want to have fleets and armies separated, etc.) under Settings, so this is something that could also be potentially brought over from vDip.

[nxm]

I would really like an option to display time in 24-hour format instead of AM/PM. I use 24-hour time on all of my devices and it can be confusing sometimes.

[boater66]

Not sure how you would feel about this, or how much it would benefit other users, but implementing an API for the site seems like a valuable addition, especially for those of us who would prefer to access and manage our games in ways not constrained by however the admins and development community decide to style the site. This would allow for stable community interfaces to be developed, such as task bar widgets, text-mode clients, irc/telegram bots, mobile app clients, etc, the stability of which are currently subject to the evidently volatile nature of the front-end code itself. From a development perspective this would also decouple your front-end from the game data itself, which is a thoroughly reasonable design decision in modern web-app development to begin with.

Another request I'd like to make is that you consider enabling site-wide https access, as currently all login, passwords, and game data are being sent plaintext over the wire. I'm not sure how large of a concern this is for most users, but it should be noted that anyone reusing passwords between Web Diplomacy and any other services is in jeopardy of having their information accessed and/or modified.

Thanks for giving space for feedback!

[Vaporwave]

Avatar implementation?

Being a mafia player on this site, I've noticed how easy it is to catch up with thread and to follow everything, however my biggest issue is not remembering who said what, all because everyone's indistinguishable.

It would make a huge difference to have each player appear with an avatar unique to their own personality.

[jmo1121109]

Another request I'd like to make is that you consider enabling site-wide https access, as currently all login, passwords, and game data are being sent plaintext over the wire. I'm not sure how large of a concern this is for most users, but it should be noted that anyone reusing passwords between Web Diplomacy and any other services is in jeopardy of having their information accessed and/or modified.

We already have https enabled. Auto redirecting to it is on the todo list though. And passwords are not sent or stored in plaintext. They're encrypted and matched to encrypted passwords in the db. That's why mods cannot "recover" your password for you, only reset you to a random generated one if needed for account recovery.

[jmo1121109]

And this is all great feedback please keep it coming.

[Jamiet99uk]

Nice developments, but PPSC is still missing.

[Mercy]

Nice developments, but PPSC is still missing.

That is the one thing from vDip that should NOT be imported.

[stragemque]

Being my first post, here's the almost obligatory; I'm new here and still getting a feel for how things work.

First of all thanks for working on the site, it's definitely the best web diplomacy site around and I tried 3-4. But I really liked the look and feel of this site, a bit old fashioned and maybe not as fancy as some, but the map functionality, forum and live games make it superior.

• Detailed search

I just get a

Access to this page denied for your account type.

I tried just accessing a detailed search with a second click on the games tab, couldn't see anything different.

• rules

I like how it's easy to get an overview, and I actually noticed some that I missed when I skimmed the rules a couple months ago.
Only suggestion would be that's the dark box is too dark when compared to rest of the site, I also kind of liked the sharp edges everywhere, but it's probably necessary so it's obvious on mobile that's it's a clickable button.

• Contact us and tournamts

Both looks good.

• Faq

Again same as rules.

• Hall of fame

Looks good, maybe on the desktop site two name coulombs could fit? very minor tough.

• Credits

My mouse is still changing to indicate the dark boxes are clickable, but the information is already all expanded. I also don't think it's necessary to hid all information behind an expandable box, especially on the desktop version.

• 1. What is your dream feature(s).

I would love, love, something to indicate when the turn is complete early without having to refresh. This would make live games so much more enjoyable, so far my only nmr's have been form live games where I missed the refresh.
On a similar note, moving the turn time closer to the move orders, I constantly find me self scrolling up and down as I contemplate if I have enough time to change my mind and reorder everything.

• 2. What is your least favorite thing(s) about the site (feature wise).

Least favourite feature? At the moment, I can't think of anything.

[boater66]

Another request I'd like to make is that you consider enabling site-wide https access, as currently all login, passwords, and game data are being sent plaintext over the wire. I'm not sure how large of a concern this is for most users, but it should be noted that anyone reusing passwords between Web Diplomacy and any other services is in jeopardy of having their information accessed and/or modified.

We already have https enabled. Auto redirecting to it is on the todo list though. And passwords are not sent or stored in plaintext. They're encrypted and matched to encrypted passwords in the db. That's why mods cannot "recover" your password for you, only reset you to a random generated one if needed for account recovery.

Ah, sorry for that. Thanks for the clarification. Though passwords input via the default http login portal are still sent plaintext, no? Looking at the code it's just a post to index.php.

[Kremmen]

The only recent change I'd noticed was that the totals on http://webdiplomacy.net/gamelistings.php are sensible. It used to be that "Joinable" would give a total roughly 10 times the real value.

We already have https enabled. Auto redirecting to it is on the todo list though.

Feel free to leave that to the very bottom of the list. For those with no reason to care, https is just a waste of bandwidth, waste of CPU and general waste of time. It's really nice to have sites not force that upon users unnecessarily.

[wulfheart]

An encrypted connection is always not that bad especially in times of "concerned" agencies.

[Restitution]

The only recent change I'd noticed was that the totals on http://webdiplomacy.net/gamelistings.php are sensible. It used to be that "Joinable" would give a total roughly 10 times the real value.

We already have https enabled. Auto redirecting to it is on the todo list though.

Feel free to leave that to the very bottom of the list. For those with no reason to care, https is just a waste of bandwidth, waste of CPU and general waste of time. It's really nice to have sites not force that upon users unnecessarily.

Who on Earth in 2019 can't spare cycles and bandwidth for https? WebDip isn't exactly a high-performance microservice.

I would much rather a guarantee that the password I use for a bunch of sites isn't being sent in plaintext.

[Squigs44]

The only recent change I'd noticed was that the totals on http://webdiplomacy.net/gamelistings.php are sensible. It used to be that "Joinable" would give a total roughly 10 times the real value.

We already have https enabled. Auto redirecting to it is on the todo list though.

Feel free to leave that to the very bottom of the list. For those with no reason to care, https is just a waste of bandwidth, waste of CPU and general waste of time. It's really nice to have sites not force that upon users unnecessarily.

Who on Earth in 2019 can't spare cycles and bandwidth for https? WebDip isn't exactly a high-performance microservice.

I would much rather a guarantee that the password I use for a bunch of sites isn't being sent in plaintext.

Maybe don't mention the fact that you reuse your password on multiple sites on a public forum if you are so concerned about security.

But yes, let's encrypt our passwords.

[Restitution]

The only recent change I'd noticed was that the totals on http://webdiplomacy.net/gamelistings.php are sensible. It used to be that "Joinable" would give a total roughly 10 times the real value.


Feel free to leave that to the very bottom of the list. For those with no reason to care, https is just a waste of bandwidth, waste of CPU and general waste of time. It's really nice to have sites not force that upon users unnecessarily.

Who on Earth in 2019 can't spare cycles and bandwidth for https? WebDip isn't exactly a high-performance microservice.

I would much rather a guarantee that the password I use for a bunch of sites isn't being sent in plaintext.

Maybe don't mention the fact that you reuse your password on multiple sites on a public forum if you are so concerned about security.

But yes, let's encrypt our passwords.

Who on Earth doesn't do that?

[flash2015]

Who on Earth in 2019 can't spare cycles and bandwidth for https? WebDip isn't exactly a high-performance microservice.

I would much rather a guarantee that the password I use for a bunch of sites isn't being sent in plaintext.

Maybe don't mention the fact that you reuse your password on multiple sites on a public forum if you are so concerned about security.

But yes, let's encrypt our passwords.

Who on Earth doesn't do that?

Have you not heard of a password manager? If you are in the Apple ecosystem you get one built in (i.e. your Keychain). For other OS's there are many options but KeePass is what I use. And for goodness sake, make sure you have 2FA at least on your "core" email account (i.e. where any password resets are sent).