Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Microsoft Tries To Censor Bing Vulnerability

peterw Re:Solution (275 comments)

A reasonable way: both of the existing ones. The tracking pixel is used to provide instant user update in 99% of the cases, but the transaction is marked pending. At the end of the day the text list is uploaded to the FTP. Compare the 2 lists, approving all that match and flagging for review any that don't (extra, missing, or different).

Exactly. And I wonder if they've done that already, and simply not updated their integration docs. There's no way to pass a transaction date with the pixel, so Bountii must've first played with this back in January. It would've been nice to know how long the Jan 24 forgeries took to clear. The fact that the Oct 24th purchase hadn't become Available by Nov 4th suggests that Bing might now require batch confirmation for all transactions. Or perhaps the merchant used the Merchant Center interface to flag the transaction -- I know in the ecommerce systems I've been involved with, staff review the transaction log for anything unusual.

There is still that Denial of Service problem -- a user claiming all "future" order IDs and preventing legitimate customers from getting their credits. I thought Bing might've simply prevented any given customer from submitting two claims with the same merchant ID & order ID (classic "transaction token"/page reload stuff), but the screenshots of the Merchant Center suggest that Bing isn't dong that (yet).

My favorite part is that on page 20 of the Bing Cashback integration guide they say that the pixel hack is "recommended" for reporting purchases. Recommended!

Second favorite: that Samir at Bountii posted this on his blog without contacting Bing first. He should've followed something like the RFPolicy protocol (http://www.wiretrip.net/rfp/policy.html).

more than 4 years ago
top

Roku To Go Open Source

peterw Re:Open Source? (140 comments)

That's my read, too. TFA doesn't say anything about even releasing source code, let alone using an OSI-approved open source license. All it promises is an SDK. You know, like the iPhone has.

In fact, one of the articles linked to from an article linked to by TFA suggests that Roku is considering charging for software upgrades that provide HD playback capabilities (http://techpulse360.com/2008/09/24/streaming-media-west-roku-to-open-netflix-player-with-sdk-shifting-to-new-name-soon/). I know that's a "Gratis" issue, not necessarily a "Libre" issue, but still, this doesn't look at all like Open Source.

more than 5 years ago
top

Roku To Go Open Source

peterw Re:SlimServer/SqueezeCenter competitor (140 comments)

This is fantastic news. Hopefully they can make a decent competitor to Logitech's SqueezeCenter platform (also open source, multiplatform). It's fantastic for streaming across many different platforms, but is a bit clunky to use.

Dream on. SqueezeCenter is server-side Free Software (and client-side free-as-in-beer-but-not-speech software [SqueezePlay]); Roku only has client-side software, and they're only TALKING about releasing a free-as-in-beer SDK. So they're talking about releasing a subset of the sort of client-side free-as-in-beer code that Logitech has had for a while, and none of the free-as-in-speech server code that Logitech has offered for even longer.

And that's before you consider things like stability (Roku boxes crashing every 500 hours?). Kudos to Roku's press office for scoring the misleading /. headline, but ain't nothin' to see here.

more than 5 years ago

Submissions

peterw hasn't submitted any stories.

Journals

peterw has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...