I don't want to get into hate-goko-mode again, but what they delivered on launch day was not some bugs, that was some demonstration of complete unawerness on any security concern, and was reason enough to shatter any believe in a safe product from their side.
Of course you can say they fixed it so it's probably fine, and nobody has proven the opposite, and of course it's impossible to prove that there are no bugs anymore, so it's unreasonable to expect such a proof. It's even unreasonable to expect there are no bugs anymore.
But, given the history, I think that it is reasonable to just not trust in the security and demand some strong evidence on the contrary to gain trust again, no matter how unlikely the existence of such an evidence is.
And this is how I understand WW's request here, and that's also more or less my stance on this topic.
The best I have heard on this topic is something like 'we have someone to review our code and a paying more attention while developing', which is not even 'we have hired $CompanyA to review our code and implemented policies $X,$Y and $Z' which would be a lot more concrete. Of course one could say usually companies don't publish these kind of things, but there again, companies usually also don't knowingly release a product with JS-injection in the chat.
Very fair points. Question 1 is, of course, have they fixed the JS-injection issue? (Or are they working on it?) I honestly don't know... I'm not following the nuances of goko-development that closely. My goko issue is that on my 10" tablet, their site is (at most) 2.5". It is literally unplayable, as my finger cannot select the right card... and there's no option to zoom in or go full-screen. [And yes, it is strange to me that goko won the rights to make computer-Dominion because they promoted themselves as having the solution for tablets, phones, and all devices... and yet, as of today, it is much easier to play on iso with my tablet than goko... even though it's a pain to play on iso... so lately I've been just playing Androminion against the AI, which is 0/10 against me.
]
Maybe because I'm a
video-game hobbyist, I looked at the launch differently. When I first joined the goko beta, I was impressed with how much it could do. It's important to keep that in mind, because Dominion is a very complex game. 200+ unique cards...
blue-dog scenarios... as a programmer, that would not be a fun assignment. Making online Monopoly, for example, would be about 1000 times easier. Sitting here at my computer I can wrap my mind around Monopoly... what the basic classes would look like, the database of properties, etc. But when I think about Dominion, my brain quickly throws an out-of-RAM exception message. I mean, even Bridge and Highway... which have basically the same effect, have to be programmed independently, because, you know, you can't King's Court the highway for -3. And King's Court doesn't play like Throne Room (because King's Court
may be used, and Throne Room
must. And then we have Possession... and KC'ed Possession... Monopoly doesn't have anything like that, because the cards barely interact with one another. Monopoly sounds like a high school Intro to Computers assignment compared to Dominion.
So yes, I was impressed that goko wrote all that crazy code and the game basically worked in beta. (Also impressed with DougZ and the Androminion team. Kudos to all...)
I presume that the managers at goko were also similarly impressed that their coders tackled all this complexity, and in their giddyness, they wanted to show the world... "Look! We've got something!" Also bear in mind the public relations pressures they must have felt
prior to beta... namely that our community knew that Rio Grande had made a deal with someone to make an official computer version, and yet we knew next-to-nothing about that company or that version. Thus to "prove" to us that they didn't screw up Dominion for its fans, they invited us into the beta to show us that the game basically worked. And then there was the PR pressure to release with Dark Ages (by far the most complex set to date) at the same time as print Dark Ages... and at the gaming convention. And come on... we were all dying to see Dark Ages... and play it against the world's top players (the iso community).
Yes, they rushed it. By rushing it, they didn't do due diligence on their server load capabilities or their JS-injection vulnerabilities. But I think it is understandable why they did so. There were lots of real-world pressures to show the community something cool... there was lots of crazy code to write for Dark Ages cards (which already had their programmers working double-shifts)... and they didn't have the resources to test every possible security angle (
which even a major company like Heartland Payment Systems failed to do in 2009). They figured that they could iron out the bugs down the road... that users would understand. I mean Starcraft 2 players understand that Blizzard is going to patch their game about once a month... and this is for their own good.
[Side-note... maybe the patching process is hurting goko's reputation? I mean... when you update a stand-alone game like Starcraft, you get a log of the patch's fixes so you would see something like "JS-injections via chat fixed in version 1.2.1".
Maybe that's the kind of concrete "implemented policies $X,$Y and $Z" that you're looking for? Websites don't (usually) have version logs, so you can't easily see if goko fixed something like that. When their PR guy comes on our forum and says "yeah we fixed that" maybe it doesn't
seem as official as a patch log?]
It is unfortunate that so many companies are moving toward a release-early patch-in-production mentality (Skyrim on the PS3 anyone?).
And a company's reputation is impacted by that. Personally, I prefer to be a mid-to-late adopter, because I deal with computer bugs all day at work and when I'm at home I prefer not to QA someone else's product. So I didn't get Skyrim until a year after it was released, for half the price, loved the game immensely, and had none of the frustration over my PS3 crashing.
I completely respect you or WW waiting to be a late-adopter.... especially if you're still having fun at iso. Let other people jump in and deal with the bugs and frustration first, I get that.
What I don't get is boycotting goko forever and ever... and refusing to give them a second chance after they've fixed the specific issues. If I had done that with Skyrim, I would have missed out on one of my all-time favorite games.
From one goko-hesitant to another...
David