Author Topic: [ANN] Our New Website Is Live!  (Read 16506 times)

0 Members and 1 Guest are viewing this topic.

Offline matt608

  • Hero Member
  • *****
  • Posts: 878
    • View Profile
Really great job!


Offline lovejoy

  • Sr. Member
  • ****
  • Posts: 431
    • View Profile
    • Cryptofresh
  • BitShares: lovejoy
Amazing!

I finally got a chance to sit down and go through the website, and it's a work of art!  Highly functional art.

Well done Cass, and everyone who contributed!

We are on our way. 8)

Offline GaltReport


Offline BunkerChainLabs-DataSecurityNode

It is a huge improvement!

Is the source of the website hosted on GitHub somewhere? The last commit to https://github.com/BitShares/bitshares.org was May 15, 2014, so that can't be it. There are a few typos or minor issues on the website that I would find more convenient to correct myself as I discover them and submit as a pull request. And I assume more will pop up as the website continues to evolve, so collaborative editing would be useful.

I would also like to reiterate that downloading the client binaries from the website is currently insecure. The best way to solve it would be to implement HTTPS on bitshares.org as soon as possible. Until then, a better-than-nothing fix is to point the download links to the binaries hosted on GitHub (protected by HTTPS), get rid of the SHA1 hashes on bitshares.org (because that provides a false sense of security since they can be changed by a MITM attacker of bitshares.org serving its own SHA1 over HTTP), and just tell people to refer to the SHA1 hashes on https://github.com/BitShares/bitshares/releases if they want to verify the binaries downloaded from a source other than GitHub. This is of course not a great solution, because victims visiting a MITM-modified bitshares.org may not pay attention to (or realize the security implications of) the fact that they are downloading the executable via HTTP. I don't want to hear about a user complaining that their money was stolen even though they downloaded THE client from the official "bitshares.org" website, which gives us a bad name.

Good catch arhag. Yes, all downloads should be https at least. I am sure they are watching this thread and will make the changes asap.   +5%
+-+-+-+-+-+-+-+-+-+-+
www.Peerplays.com | Decentralized Gaming Built with Graphene - Now with BookiePro and Sweeps!
+-+-+-+-+-+-+-+-+-+-+

Offline rgcrypto

  • Hero Member
  • *****
  • Posts: 557
    • View Profile
    • Cryptoctopus Blog

Offline werneo

  • Sr. Member
  • ****
  • Posts: 305
    • View Profile
    • chronicle of the precession of simulacra
  • BitShares: werneo
The website needs HTTPS ASAP.

Now the downloads are served from bitshares.org directly over HTTP (http://bitshares.org/resources/downloads). Before they were at least served via GitHub download links which used HTTPS. Please correct this since otherwise users are vulnerable to man-in-the-middle attacks.

....downloading the client binaries from the website is currently insecure. The best way to solve it would be to implement HTTPS on bitshares.org as soon as possible. Until then, a better-than-nothing fix is to point the download links to the binaries hosted on GitHub (protected by HTTPS), get rid of the SHA1 hashes on bitshares.org (because that provides a false sense of security since they can be changed by a MITM attacker of bitshares.org serving its own SHA1 over HTTP), and just tell people to refer to the SHA1 hashes on https://github.com/BitShares/bitshares/releases if they want to verify the binaries downloaded from a source other than GitHub. This is of course not a great solution, because victims visiting a MITM-modified bitshares.org may not pay attention to (or realize the security implications of) the fact that they are downloading the executable via HTTP. I don't want to hear about a user complaining that their money was stolen even though they downloaded THE client from the official "bitshares.org" website, which gives us a bad name.
+5%

 :o  arhag has identified a significant attack vector.  Let's bang a gong or something. This sounds serious.

Offline Method-X

  • Hero Member
  • *****
  • Posts: 1131
  • VIRAL
    • View Profile
    • Learn to code
  • BitShares: methodx
Three cheers for @cass!  8)

Offline 天籁

  • Hero Member
  • *****
  • Posts: 744
    • View Profile

Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
    • View Profile
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
It is a huge improvement!

Is the source of the website hosted on GitHub somewhere? The last commit to https://github.com/BitShares/bitshares.org was May 15, 2014, so that can't be it. There are a few typos or minor issues on the website that I would find more convenient to correct myself as I discover them and submit as a pull request. And I assume more will pop up as the website continues to evolve, so collaborative editing would be useful.

I would also like to reiterate that downloading the client binaries from the website is currently insecure. The best way to solve it would be to implement HTTPS on bitshares.org as soon as possible. Until then, a better-than-nothing fix is to point the download links to the binaries hosted on GitHub (protected by HTTPS), get rid of the SHA1 hashes on bitshares.org (because that provides a false sense of security since they can be changed by a MITM attacker of bitshares.org serving its own SHA1 over HTTP), and just tell people to refer to the SHA1 hashes on https://github.com/BitShares/bitshares/releases if they want to verify the binaries downloaded from a source other than GitHub. This is of course not a great solution, because victims visiting a MITM-modified bitshares.org may not pay attention to (or realize the security implications of) the fact that they are downloading the executable via HTTP. I don't want to hear about a user complaining that their money was stolen even though they downloaded THE client from the official "bitshares.org" website, which gives us a bad name.

Offline BunkerChainLabs-DataSecurityNode

So awesome!

Love the new look.

Well laid out and functional.

 +5%
+-+-+-+-+-+-+-+-+-+-+
www.Peerplays.com | Decentralized Gaming Built with Graphene - Now with BookiePro and Sweeps!
+-+-+-+-+-+-+-+-+-+-+

Offline hpenvy2

  • Sr. Member
  • ****
  • Posts: 217
    • View Profile
 +5%  We're beginning to put on the professional polish. Nice job.

Offline Empirical1.1

  • Hero Member
  • *****
  • Posts: 886
    • View Profile
 +5% Well done guys I like it very good work!

Offline ak

  • Full Member
  • ***
  • Posts: 57
    • View Profile
It is with great pleasure that I announce the launch of the new bitshares.org website! It's now live!

We really came together as a community on this one. We received a lot of great feedback from people on the forums, as many of our community members ideas and suggestions were incorporated into the new site. It's important to point out that nothing is set in stone here and that this website will always be a work in progress, as we will continue to seek ways to modify the site over time to improve the user experience and increase new user acquisition conversion rates.

When it comes to acknowledging individual efforts, there were so many people involved in the project, I almost don't know where to start…

BIG THANKS to cass (whom I know first-hand worked on this project day and night in order to see it through to completion), nikolai and prometheus for creating some really awesome content, the NullStreet Marketing team, and anyone else that was involved whom I might be leaving out!!!

2015 is going to be a great year for BitShares!!
« Last Edit: February 04, 2015, 06:49:10 am by cass »