Plaidophile

While waiting for CreateSpace to validate my art assets, someone on Song Fight mentioned Mixonic, which I hadn't looked into for a few years, since the last time I checked they were better than CafePress but still pretty terrible, pricing- and feature-wise. Their current prices are pretty good, and beat all the other short-run manufacturers I'm aware of.

However, I have so far had nothing but problems with them, and I will not be using them or recommending their services.

First, as a VERY MAJOR WTF, is that when you log in, not only do your credentials get sent in plaintext, it actually passes in your email address and password on the URL. This means that anyone can look at your browser history and get your password. There are all sorts of fun XSS vectors that can be used to get that, and of course any HTTP proxy that is recording a connection log will just have that stuff for free. VERY insecure, VERY stupid. I can understand if they were feeling lazy about auth and HTTPS and just wanted to return a single-use session identifier, but using the password in the query string? STUPID.

The only reason I found that out, incidentally, was I tried logging in again from a different browser (this issue wasn't there on the account creation page), because their .wav file uploader (a very badly-written Java applet) was rejecting my .wav files as being "corrupted," despite these .wav files being perfectly usable and working in every other piece of software. I switched browsers because maybe it was having trouble with Chrome, but Firefox was having trouble too. It turned out that the issue was that Logic emits some (perfectly legal) metadata chunks for various uses, and their validator was barfing on those. So I submitted a customer service request, and their response was extremely condescending, and said that if it's saying my files are corrupted then they must be and I should upload them as MP3 instead.

Uh, WHAT?! You do not use MP3s as a delivery format for CD audio!

So I replied saying that mp3 is not a suitable master delivery format, and the next condescending response was that "mp3 works just fine for our other customers."

There were some other weird issues too, even before I got to that point; for example, their artwork templates show a huge unsafe crop region (which means that they must have very very high tolerances on their printing processes — some tolerance is acceptable but this had a "safe area" of close to half an inch!) and also for images it was very unclear as to whether they were using the pixel sizes or the DPI sizes, but in any case they wanted something that was marked as 300DPI (i.e. I had to use Photoshop's "save as copy" rather than "save for web" to get the metadata set correctly) and a particular pixel resolution, but they wouldn't say what that resolution was, which made me worry that the positioning and sizing was just going to be all sorts of weird arbitrary with shitty nearest-neighbor filtering or something similarly messed-up.

So, no, avoid Mixonic. They are a service by the clueless, for the clueless. So what if they cost only $2.50/copy? You totally get what you pay for.

The best bit: there's no way to close your account, so I changed my password to "mixonic_sucks" so that I could safely take a screenshot of the login process that shows how stupid it is. (And of course the password change form items went into the URL as well.) Then I logged out, and tried to log back in — and the password field only accepts an 8-character password. Which was not enforced or even hinted at on the password change form, so now I can't even access the account. (Fortunately I had deleted my content first. I'm not positive it's actually gone from there, but whatever.)

Miserable failure of a shitty ass company. How are they still around?