user feedback – Why is UX design important for online multi-tenant B2B SaaS application?

I work as medior backend developer in a small company (~ 30 people), where we build an online multi-tenant B2B SaaS application for energy management.

I would describe our app as an app with many cool features, which are not well presented, overall UI design is like from 2005, and overall user experience is sometimes confusing even for me, when I should clearly know, what’s going on in there.

My problem is following:

We’ve developed features, that we were told “our customers needed”, but I have recently found out, that the features are not used by anyone even after several months.

Our CEO/Sales person does not want to invest in better UI/UX design because, by his words “design does not sell in B2B”, even though we’ve never performed any customer satisfaction survey.

My attempts with gathering user feedback was pastponed, because it was “low priority”.

I was told that feedback from our users, is not important, because most of them are not the one, who pay for the service.

Only solution provided by management was to enlarge our base of sales people.

So, how would you convince anyone, who does not believe, that UX design and design generaly is important, to send survey to users?

My goal is to perform a survey, I have prepared, to get a feedback. If the feedback is as bad as I think it will be, and our management still keeps their statement, then I am ready to resign. But I don’t want to give up yet.

I read numerous articles about B2B design, but most of that was about website design available to everyone, so SaaS could differ. Also, I get it’s hard in B2B, to get the right people to gather feedback from.

I will be happy for any response.

8 – Filtering by User Reference with JSON API

I try to filter some data by User Reference. My problem is, it return me an empty list

"data": []

It only works if the authenticate user own’s the data…

My request :

{{url}}/api/node/artist_availability?filter[artist_user.entity:user.id]=user_id

I replace “user_id” with the real data.
I tried a lot of synthaxes :

{{url}}/api/node/artist_availability?filter[artist_user.entity.id]=user_id
{{url}}/api/node/artist_availability?filter[artist_user.id]=user_id
{{url}}/api/node/artist_availability?filter[artist_user.meta.id]=user_id

None of them work.

So my question is : Is it possible to filter by user reference without the current user owning the data ?

vulnerability – Can python be used to retrieve a session ID to mimic logged in user at periodical times?

Let me quickly explain and then ask the question. I’m developing a Web Vulnerability assessment scanner for a project, and I’m learning python as I go, so forgive me if it might sound like a dumb question. The idea is to allow a user to run periodical scans against their website and report SQL injection findings, XSS vulnerabilities for the beginning and further develop from there. They could then go back and view all the scans and keep track of their website’s security performance.

The pre-requisite is for the user to be logged in when they run the scan to grab the Session ID to mimic the user. But I want the scan to be able to run once a day in the background. How would that be possible? Is the Session ID used initially still being valid for the next scans? Is there a better approach I could take to it, maybe?

Thanks for taking the time to read so far. Hopefully might get some advice from someone more knowledgeable than me :]

PS: If you have any recommendation to make me consider other vulnerabilities/libraries, I’m all ears

How can I create a user that is not allowed to change its own password on mediawiki?

I am currently creating a mediawiki where there are administrators and writers, and everyone else in the project only needs read access. Our current approach is having all the read-only users share a same login for accessibility. How can I ensure that this user is not able to change its own password?

Web page refresh (F5) user expectations and behavior

There are several good researches on how an average user expects the browser’s Back/Forward buttons to work. But there are quite few well-known good practices regarding the browser-level page refresh (F5 key, refresh button or swipe from top to bottom on mobile devices). Some of them are:

  • Preserve user-already-entered values in form fields when page is refreshed
  • Do not refresh pages unexpectedly

But let’s think about page query parameters and have a look at the OpenID Connect specification. It contains the ui_locales URL parameter and I’m sure there are other protocols out there that take UI locale into account in a similar way.

Now this case example has spawned some controversy within our development team:

  1. A Russian-speaking user visits a website which has no Russian localization. So the user selects English locale among the provided options.
  2. The user clicks signup button which directs him/her to an external OpenID Connect signup form page with ui_locales=en (because that’s what the user seemingly prefers).
  3. The user notices that the signup page does support Russian locale and switches to it.
  4. The page then loads Russian locale resource file via AJAX and dynamically replaces all texts to Russian equivalents.

At this point we have a Russian-localed page but with ui_locales=en in the URL. If the user decides to refresh the page for some reason, this may suddenly bring back the English language if the page has not been intentionally coded to override the query-passed locale with the “local” user-explicitly-selected locale and if it does not dynamically update the ui_locales in the page URL via History.replaceState() when the user changes it.

My questions are:

  1. What do real-world users expect and don’t expect from page refresh in general and in this case particularly?
  2. When do they actually manually initiate a browser-level page refresh?

Does anyone have relevant data?

Braintree Virtual Terminal Backend User Role

How can I enable the Braintree Virtual Terminal that is under the Sales tab in the backend? I only see it for a user role that has access to everything. There needs to be an option after Transactions in the resource section. Role Resources

forms – Selected radio button shows user more content

I tried to search info for my question but I didn’t found it. I think I just can’t find right search words because this doesn’t feel to be very rare case. If you have topics about this I would like to check it.

Case example:
User can choose one option out of 3 options. At least one of the options provide more content related to selected option.

Where this new content should be shown and why? How would this type of situtation done so it’s accessible?

I made this sketch to make my question more clear.

  • Example 1 shows new content between radio buttons
  • Example 2 shows new content under the radio buttons

content

amazon web services – Cannot Delete S3 Bucket even though the IAM user as S3FullAccess policy

I cannot delete the bucket from an IAM user account which uses a virtual MFA device profile

I have generated session toekns and added it to the profile section of ~/.aws/credentials file. and the profile config is added to the ~/.aws/config file

❯ cat config
(default)
output = json
region = us-east-1
(mfa)
output = json
region = us-east-1

and

(default)
aws_access_key_id = XXXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
(mfa)
aws_access_key_id = XXXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXX
aws_session_token = XXXXXXXXXXXXXXXXXXXXX

When I run the command to delete this bucket (it is empty)

❯ aws s3 rm s3://iac-bucket --recursive --region us-east-1 --endpoint-url https://s3.us-east-1.amazonaws.com --profile mfa
fatal error: An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

Also, the bucket does not show up in Management Console nor on ls command

❯ aws s3 mb s3://iac-bucket --profile mfa

gives no output, and

❯ aws s3 ls s3://iac-bucket --profile mfa --region us-east-1 --endpoint-url https://s3.us-east-1.amazonaws.com

An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

I have the following policies attached to this user via a group

AWS Policies attached via Group

How do I delete this bucket?
Why doesn’t it show up at all? I know it exists because

❯ aws s3 mb s3://iac-bucket --profile mfa --region us-east-1 --endpoint-url https://s3.us-east-1.amazonaws.com
make_bucket failed: s3://iac-bucket An error occurred (BucketAlreadyExists) when calling the CreateBucket operation: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again.

buttons – How do I tell the user a filter is active

I have a button in my interface that when clicked shows a listbox so the user can apply a filter by those items the user has selected. It looks like this:

Filter

My question is: How do I tell the user there is an active filter? The tooltip of the button will have a description of the active filters but I was thinking about a change in the icon or the border of the button. What color would you make the icon for when a filter is active and when it is not?

Edit: Screenshot of the top of the application where the button is placed (the button is in the middle after the three comboboxes:

Top