×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Microsoft Tries To Censor Bing Vulnerability

peterw Re:Solution (275 comments)

A reasonable way: both of the existing ones. The tracking pixel is used to provide instant user update in 99% of the cases, but the transaction is marked pending. At the end of the day the text list is uploaded to the FTP. Compare the 2 lists, approving all that match and flagging for review any that don't (extra, missing, or different).

Exactly. And I wonder if they've done that already, and simply not updated their integration docs. There's no way to pass a transaction date with the pixel, so Bountii must've first played with this back in January. It would've been nice to know how long the Jan 24 forgeries took to clear. The fact that the Oct 24th purchase hadn't become Available by Nov 4th suggests that Bing might now require batch confirmation for all transactions. Or perhaps the merchant used the Merchant Center interface to flag the transaction -- I know in the ecommerce systems I've been involved with, staff review the transaction log for anything unusual.

There is still that Denial of Service problem -- a user claiming all "future" order IDs and preventing legitimate customers from getting their credits. I thought Bing might've simply prevented any given customer from submitting two claims with the same merchant ID & order ID (classic "transaction token"/page reload stuff), but the screenshots of the Merchant Center suggest that Bing isn't dong that (yet).

My favorite part is that on page 20 of the Bing Cashback integration guide they say that the pixel hack is "recommended" for reporting purchases. Recommended!

Second favorite: that Samir at Bountii posted this on his blog without contacting Bing first. He should've followed something like the RFPolicy protocol (http://www.wiretrip.net/rfp/policy.html).

more than 5 years ago
top

Roku To Go Open Source

peterw Re:Open Source? (140 comments)

That's my read, too. TFA doesn't say anything about even releasing source code, let alone using an OSI-approved open source license. All it promises is an SDK. You know, like the iPhone has.

In fact, one of the articles linked to from an article linked to by TFA suggests that Roku is considering charging for software upgrades that provide HD playback capabilities (http://techpulse360.com/2008/09/24/streaming-media-west-roku-to-open-netflix-player-with-sdk-shifting-to-new-name-soon/). I know that's a "Gratis" issue, not necessarily a "Libre" issue, but still, this doesn't look at all like Open Source.

more than 6 years ago
top

Roku To Go Open Source

peterw Re:SlimServer/SqueezeCenter competitor (140 comments)

This is fantastic news. Hopefully they can make a decent competitor to Logitech's SqueezeCenter platform (also open source, multiplatform). It's fantastic for streaming across many different platforms, but is a bit clunky to use.

Dream on. SqueezeCenter is server-side Free Software (and client-side free-as-in-beer-but-not-speech software [SqueezePlay]); Roku only has client-side software, and they're only TALKING about releasing a free-as-in-beer SDK. So they're talking about releasing a subset of the sort of client-side free-as-in-beer code that Logitech has had for a while, and none of the free-as-in-speech server code that Logitech has offered for even longer.

And that's before you consider things like stability (Roku boxes crashing every 500 hours?). Kudos to Roku's press office for scoring the misleading /. headline, but ain't nothin' to see here.

more than 6 years ago

Submissions

peterw hasn't submitted any stories.

Journals

peterw has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?