It’s easy to laugh at Time for their implementation of a poll. At least it’s not happening to ME, you’re thinking. But if you’re like me, you’re left with a nagging afterthought: how would I have done it differently?
I’m sure the poll votes weren’t even recorded. They like to make you think your vote does something, but Time knew it was going to be Barack… How, you ask? Because the boss said so. Kinda like the real election.
Let me just say this, MANY sites run polls like this. From serious competitions where there is something of value as a reward to the mundane polls. And MOST of them are implemented VERY poorly.
This is hacking 095 folks. Snoop around craigslist and you will find people willing to pay someone to hack a poll (every now and then).
…, but it’s difficult to understand why a high profile website would conduct an anonymous worldwide poll without even the most basic of safeguards in place. This isn’t high security; this is web 101.
I would even go as far as calling it input validation, not security. I consider this to be such a basic check that I’d consider calling this low security an insult to every person who’s ever had to deal with a buffer overflow and other forms of code injection.
It’s interesting also that they give you a range of 0–100.
Is anyone really going to sit there and think, “Hmm, I think Barack Obama’s a 73 … or is he more like a 72?”
I wager that the legit votes are heavily skewed to the extremes, with a hump at 50. Really, they should have just given three options: Not, Somewhat, Very.
The better question that no one has asked yet is why is a news organization even running and reporting the results of a poll that by its nature is based on a self-selected sample and therefore scientifically invalid – even if the code weren’t written by idiots.
It’s funny how we give plenty of credit to those who break web apps, while calling those who make them clowns and idiots. Making is much harder than breaking, at least when it comes to webapps with no authentication.
We shouldn’t be encouraging these hackers… Hacking anonymous online polls is easy and thus lame.
Securing them against a determined attacker is much harder, especially if you don’t want to impact the usability for legitimate users.
Any script kiddy could have done that, and yes Time are retards if it did not occur to them to implement something like that with more than about 30 seconds worth of effort, but the real story would have been if someone had managed to add a candidate. Father Christmas? God? Ronald McDonald?
If you can repeatedly remove the influence of others and disproportionately increase your own influence, then, in circumstances where this is possible, you can be said to be most influential.
I don’t think that the web developers are dumb - I think they have to work for people who know next to nothing about the net and on top of this have to make financial ends meet. Something like “Put this poll online ASAP. Here is your budget of $500.” followed by “What is your problem? How hard can it be? Everybody has a poll on his blog so this doesn’t look like rocket science to me. Get the heck on it before I fire you.”
Agree with TonyS. Criticism on a blog post? Of course. But this is a bit much.
I’d say the major failing here is attempting to do this in-house when they clearly didn’t have the necessary expertise. They should have instead found an established partner whose main business is to provide these kinds of polls. A company with a proven track record. Budget problems? Give the company some visibility and they’d probably love to take on such a high profile poll.