Coin Compendium testing begins!

[badon]

I considered the Amazon EC2 system originally. There were many reasons why I decided against using it. Mostly the problem was data integrity. The Amazon system is good for something big and temporary, but for a permanent historical data archive, it'll just lose the data eventually.

I may still end up using it if all we need is a big, temporary cache of the website to serve to a large volume of readers who aren't interacting with the site. Since the site is a dynamic data mining tool, it may not work out well for even that much. Some of the features I have added recently would have to be removed in order to get it to be cacheable. We'll see how it goes - if I REALLY can't avoid it, I can remove the features and set up caching.

I am extremely critical of anyone else's notion of backup and data integrity. Almost all of them have holes where data can be lost. My #1 priority is data integrity, and I'm willing to sacrifice a lot in order to get it.

[PandaOrLunar]

I’m not part of the tester group and thus have not seems the screens.  So I'm assuming there are a bunch of screens where people can input data?  If so, what application security checkpoint, input validation, and sanitizing are in place to prevent malicious or unintentional bad inputs that could negatively impact the system?

[dobedo]

According to VMWare, you should have no problem with data integrity whatsoever...or you can get yourself a private cloud from them or IBM or Dell or...

[badon]

I’m not part of the tester group and thus have not seems the screens.  So I'm assuming there are a bunch of screens where people can input data?  If so, what application security checkpoint, input validation, and sanitizing are in place to prevent malicious or unintentional bad inputs that could negatively impact the system?

The system is not very restrictive, so it is very easy for someone to enter in bad data, either on purpose, or accidentally. But, since registration is always going to be required, no one will be able to deliberately enter in bad data without someone noticing. There are a few ways bad data can be "noticed":

* Data with a problem that can be checked automatically will show up in a "Fix me" list, so the data can be inspected.
* After the data is inspected, there are several possible actions that can be taken. The data can be corrected if it is a simple mistake. It can be marked as a "Problem" if the data is legitimate, but represents something abnormal, like an auction that completed at a high price with known or suspected shill bids, or an auction that was held under obscure circumstances that resulted in a low price that's not representative of the market. It can also be deleted it if it the data is seriously flawed somehow.

For most situations the "Problem" feature is the best course of action. It can be used on all sorts of areas of the site, including on the coins themselves. For example, if an auction sells for a low price, it could be because the coin has white spots of death. If the coin is already marked as having that problem, the auction sighting for the coin can be automatically marked with the problem too. That way, if you're researching prices for a high grade coins, you can weed out the prices for coins that have white spots (or anything else you choose).

Also, about the "bunch of screens" to input data, almost all of these are designed to prefill most of the data for you. Some of them are capable of prefilling ALL of the data for you. That capability not only makes the site faster and easier to use, but also eliminates a lot of potential errors. In fact, most of my effort is spent making the site as easy to use as possible (there's still a LOT to be done).

[badon]

According to VMWare, you should have no problem with data integrity whatsoever...or you can get yourself a private cloud from them or IBM or Dell or...

They are either lying or ignorant. I think its a little of both, but mostly ignorance. All computer systems lose data. The mantra of the 1980's was "computers don't make mistakes, people do" - and it's completely wrong. I have gone to great lengths to deal with the data loss issue - it absolutely cannot be prevented, but it CAN be corrected and restored when it happens. That's the strategy I'm using. I had to put a custom system together that is capable of doing all of the steps required to ensure data losses are corrected. If you look at my forum signature, it says "backup is not enough"...I'm doing backup, of course, but I'm also checking and verifying literally every bit of data at each step of the way, with multiple redundant stores of data, so when a data loss is found, it can be repaired with a (verified and guaranteed!) good copy of the data.

Big companies make big promises about data integrity, but very few of them actually check the data to make sure it isn't corrupted. Their customers happily use the systems for decades before they realize much of their data is gone forever. By then, it's too late - the big company already has the customer's money, and the customer is already tied to the big company, so if the customer doesn't go out of business due to the data losses, they still won't be able to switch. Even if they try to switch, they'll find the same big companies and big promises, which are just a pack of lies and arrogant ignorance.

When you want something done right, you do it yourself, and that's why it's taken me a year to get this thing functional enough to begin testing. I had to become an expert in everything (again) in order to know the proper way to set this monster up. Hopefully, even if there's other unforeseen problems, the data itself will be secure for the ages. Cross your fingers :)

[PandaOrLunar]

When I said application security and bad data, I was thinking more along the line of attack and hack.  One example, will the system sanitizing the input data to handle Stored XSS https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29 attack or other malicious intents?

From reading all the postings so far, correct me if I wrong, it seems we all are focusing only on functional testing.  No security testing?

Just trying to help in any way I can 

[badon]

Ah, I see what you mean. The underlying systems the CC is built on are rigorously tested for security, so there's no worries about that, as long as everything is updated quickly when security issues are found. I'm able to override some of the security features, but so far I've found no need to do that.

[badon]

I made an interesting decision today. I decided that duplicates of sightings are actually a good thing. I tried automatically detecting and marking them, like the CC already does for specimens, but I realized that CCS2 has two sightings for the same ebay auction: 1 sighting for when the auction was spotted, and 1 more for when the auction ended and established a completed sale price.

There are many other good reasons why the same coin offering might get multiple sightings. One important example is when the price changes. Some website may offer the same coin, and keep dropping the price until it sells. Each price change could produce a new sighting that would be helpful and informative.

Also, even each sighting is completely identical in every way, having multiple sightings from different people serves to confirm that the data is accurate, especially if one of the people entering in the sighting is a person with a good reputation for entering in accurate data (like a researcher or other expert). So, if a sighting shows up that's odd, but it's entered in 3 different times by 3 different people, when reviewing the data later it will be clear that the sighting is not a mistake.

One thing I may want to do is link together sightings so "duplicates" will show up on each sighting page. Instead of calling them duplicates, I'm thinking of calling them "confirmations".

Any thoughts on this subject?

[DiggingNorway]

I understand where you are coming from... the one thing I am pondering is that sightings are shown at a too high level... they should be kept at subtype level in my opinion and not type, this because the sightings do not indicate which subtypes they are, thus when you enter the main type page and see alot of sightings you dont know until you have clicked on one, if you will actually get the info. you are after....

another thing, more related to your post; I manually had to increase the ending bid (final sale price) for a sighting... it was cited as 8oo somthing dollar ( a 69 confucius gold 1/3), the auction ened at 1250. I.e. if people addd sightings in the middle of an auction, and the price ends higher, and noone enters a duplicate sighting with the ending price, the sighting only gives a snapshot of the bidding... that is why I provided screenshots of the ended auctions...

these are two different subjects that I am adressing...  and it goes to show that this"monster" is in its puberty...

[DiggingNorway]

what happened to the images on the main page? the seem to be altered w.r.t to uploading time? old photos are moved up, some photos have dissapered? looks strange... is the total amount og images the same now, as for three hours ago?

[DiggingNorway]

the 1/20 1998 LD Gold I know for sure I uploaded a long time ago.. now its suddenly appearing after images that I uploaded after...

[badon]

The images are sorted by modification date, so you can check what modifications people have done to them. I just made a lot of automatic changes to images, so everything has been updated today. I'm going to be making more changes too, but I'm almost done.

If you want, I can sort it a different way.

[badon]

I just changed the images, so you can see a lot of newly uploaded images, and also a few recently changed images below it.

[badon]

I understand where you are coming from... the one thing I am pondering is that sightings are shown at a too high level... they should be kept at subtype level in my opinion and not type, this because the sightings do not indicate which subtypes they are, thus when you enter the main type page and see alot of sightings you dont know until you have clicked on one, if you will actually get the info. you are after....

I fixed this. Sighting lists now show sortable type information at the bottom of the page (the table is too wide!).

another thing, more related to your post; I manually had to increase the ending bid (final sale price) for a sighting... it was cited as 8oo somthing dollar ( a 69 confucius gold 1/3), the auction ened at 1250. I.e. if people addd sightings in the middle of an auction, and the price ends higher, and noone enters a duplicate sighting with the ending price, the sighting only gives a snapshot of the bidding... that is why I provided screenshots of the ended auctions...

Don't change a sighting once it's entered in correctly (unless it's entered incorrectly). Instead, add another sighting. Auctions don't need to have a price entered, because the price hasn't been established yet. But, when the auction starting price is high, it's good to enter it in, like you did with 800 USD. Just be sure to mark that the sighting is for an auction, and it is a "Sale" NOT a "Completed sale".

When the auction ends, enter in another sighting with the ending price, and mark it as a "Completed sale". That way, when people are doing research on auctions:

* Auctions with no price entered are assumed to be auctions that start at very low values.
* Auctions with a price entered but marked as "Sale" are assumed to be auctions with a starting auction price.
* Auctions with a price entered and marked as "Completed sale" are assumed to be auctions that have finished with a final auction price.

Maybe there's some way I can change that to make it more clear, so you don't have to make assumptions.

[DiggingNorway]

The images are sorted by modification date, so you can check what modifications people have done to them. I just made a lot of automatic changes to images, so everything has been updated today. I'm going to be making more changes too, but I'm almost done.

If you want, I can sort it a different way.

no no... I just was afraid some photos had disapared or what was going on :)    modification is good...

the level of sightinghings is another issue :)