David Rusenko

Authorize.net MD5 mismatch

6/30/2010

Earlier today -- between 12:04 and 12:07pm PST, to be specific -- Authorize.net changed the way their API worked, unannounced, which caused successful transactions to not be recorded by us and by many others, including ZenCart customers and who knows how many more.

A Silent POST is the mechanism by which Authorize.net POSTs back to our servers to inform us of the outcome of a transaction. An MD5 hash is used to authenticate that the POST is legitimate, and one of the values hashed is the transaction amount.

Starting today, they are now passing the x_amount parameter back as 19.9500 (as an example) but still using 19.95 as the amount for the x_MD5_Hash parameter.

An immediate fix would require stripping out the last two 0's from x_amount (if present) when calculating the MD5 hash so that the computed md5 hash matches the x_MD5_Hash passed.
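A sketch of that fix as a Silent POST verifier, added here as an example and not taken from the original post or from Authorize.net's code. The hash layout (secret, login ID, transaction ID, amount, concatenated in that order) is an assumption, and the function names, secret, login ID and sample POST are constructed for illustration.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation


def md5_hex(secret, login_id, trans_id, amount):
    # Assumed layout: secret + login ID + transaction ID + amount, MD5, hex.
    data = f"{secret}{login_id}{trans_id}{amount}".encode("utf-8")
    return hashlib.md5(data).hexdigest().upper()


def amount_candidates(raw):
    """Amount strings to try: as posted, then normalized to two decimals.

    The normalized form is only offered when it is numerically equal to the
    posted value, so 19.9500 -> 19.95 is tried but 19.9512 is never rounded.
    """
    candidates = [raw]
    try:
        value = Decimal(raw)
        two_dp = value.quantize(Decimal("0.01"))
    except InvalidOperation:
        return candidates  # not a usable number: only the raw string is tried
    if two_dp == value and str(two_dp) != raw:
        candidates.append(str(two_dp))
    return candidates


def verify_silent_post(fields, secret, login_id):
    """Return the amount string that authenticated the POST, else None."""
    received = fields.get("x_MD5_Hash", "").upper().encode("utf-8")
    trans_id = fields.get("x_trans_id", "")
    for amount in amount_candidates(fields.get("x_amount", "")):
        expected = md5_hex(secret, login_id, trans_id, amount).encode("utf-8")
        # Constant-time comparison of the two hex digests.
        if hmac.compare_digest(expected, received):
            return amount
    return None


# Constructed sample: amount posted as 19.9500, hash computed over 19.95.
SECRET = "constructed-secret"
LOGIN_ID = "constructedLogin"
SAMPLE_POST = {
    "x_trans_id": "1234567890",
    "x_amount": "19.9500",
    "x_MD5_Hash": md5_hex(SECRET, LOGIN_ID, "1234567890", "19.95"),
}

if __name__ == "__main__":
    print(verify_silent_post(SAMPLE_POST, SECRET, LOGIN_ID))
```

Because the posted format is tried first, the same check keeps passing if the hash is later computed over the four-decimal amount.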

After having spent the better part of today figuring out what the problem was, fixing it, and manually reconciling hundreds of transactions, I'm really hoping they don't change the x_MD5_Hash tomorrow to rely on the new price format (x.xxxx), as it'll break everything all over again, and pretty much scuttle any chances I have of getting anything done tomorrow.

If you're wondering why your transactions aren't showing up in your billing system, this is why.

And if it isn't clear enough, this is absolutely unacceptable. Not only is an unannounced API change to a heavily-used billing system horrendous, but this specific change is severely impacting customers, and Authorize.net are completely failing to fix the issue or answer any support requests.

Profitability != Revenue - Hosting

12/31/2008

 

I'm guilty of having made comments like this before, and I just saw another one today:

When we launched XYZ we started day 1 with a profitable, monetizable business model.

Profitability is not making $200/month, enough to cover your hosting costs. While generating revenue is exciting, you are not profitable if you are not getting paid a financially sustainable amount of money for your time. Here's a good definition of profitability from Investopedia:

What Does Profit Mean? A financial benefit that is realized when the amount of revenue gained from a business activity exceeds the expenses, costs and taxes needed to sustain the activity.

The ultimate purpose of any business is to generate revenue, and having a business model is much more necessary today than it was two years ago -- so bringing in any kind of revenue is exciting, and a notable accomplishment.

But saying that the business is profitable without accounting for the cost of your time is a bit of an amateur mistake, one I've made several times in the past.

Apple Genius: Not so smart after all

9/18/2008

 

I've been trying to set up Genius on iTunes 8 for the last few days, with no luck. I'm getting the "Genius results can't be updated right now. An unknown error occurred (4010)." message during Step 2, "Waiting for Apple to process information".

Looks like lots of other people are having this problem. What's so strange about it is that it seems to come and go -- sometimes it works for people, sometimes it doesn't. Most people seem to think it's a server load issue.

None of us know if it's a server issue or not. But after the MobileMe fiasco, I'm starting to think that Apple is seriously unprepared in their "capacity planning" department.

Netvibes: ur doin it wrong!

3/17/2008

 

Netvibes, I've loved you since day 1, but you've been getting progressively worse and worse. Please, shake off your aspirations of ruling in the hot buzzword categories -- stop trying to be a social network, that's not why I use you, stop trying to be the end-all-be-all of widget embedding (ditto).

I don't really care about your new releases (Ginger, Coriander, Paprika or whatever), I just want to be able to log in every day and check my news feeds. I don't want to have to go through a painful "migration process" -- sounds like something taken out of an enterprise software book, definitely not suitable for a consumer product. And I don't want to have to request an invite to said migration process, get the email, input the invite into Netvibes, begin migration, and have to wait hours until the migration is complete.

What I would like is if you fix your most basic bugs that have been there since day 1, instead of developing world-dominating features. The bugs that relate to your feed reader, the core of your product. Like the bug where when I have a feed open and the feed refreshes since I've had it open, the stories I click on display the story a few places up. Or the bug where about 50% of my feed will start the "Loading..." process, only to go completely blank -- the rest of my feed is ok though! Only half of it goes blank when it tries to load, the other half loads properly. That is especially annoying to me. Or the fact that hitting "refresh" on your feeds is flaky -- I usually have to reload the page if I really want to get a refresh.

I'd be the first to understand that everybody has their bugs. But before embarking on these huge feature releases, can you please fix the small things that have been there since the beginning?

EDIT: check out the comments on this blog post and this blog post -- looks like there are a lot of unhappy people.


Microsoft's Cafeteria

11/8/2007

 

While everybody's been raving about Google's food recently -- seared scallops, salmon stuffed with crab salad, shrimp tempura and an entire cheese station -- it's sorely disappointing to notice the lack of commentary on Microsoft's fabulous cuisine.

As opposed to mere food, at Microsoft's headquarters, they serve up fresh lines of cocaine, mushroom salad, and "special" brownies, compliments of the house.

Seriously. There's just no other explanation for why Internet Explorer is so bad. I just spent an hour working on a ridiculous iframe hack so that select boxes didn't jump on top of my color chooser (or everything else on the page, for that matter).

I also debugged a choice piece of code that I was able to fix by noting that IE won't set the innerHTML property of tables. Absolutely spectacular.

Work vs. Value

8/21/2007

 

One of my biggest frustrations with academia was the tendency to place emphasis on work. I've heard that this can be different at other institutions, but most people I've talked to generally agree that emphasis in college was placed on work.

Here's a recurring example: I'd often get a lower grade than other peers who "worked harder", even though my final grades or output were very clearly of a much higher quality. I generally didn't have much use for going to class, as I could learn what was presented much more efficiently on my own.

Not that I really cared about getting a B+ instead of an A -- if I did, I would have gone to every class. But it seems like the emphasis on work gives students the wrong priorities.

There seem to be two inputs to value: work and ability. If you have less ability, you can compensate by working harder than average. And if you have above average ability, you may tend to work less.

Note that ability doesn't necessarily directly translate to intelligence, and that I'm not downplaying hard work: those who both work hard and have ability will produce the most value.

But by putting emphasis squarely on work, academia is punishing those with above-average ability. My experience in college was that both the top 5% and bottom 5% of any given class did the least work, but doing less work was uniformly regarded as bad.

In the real world, though, value is most important. As an example, let's take two people who make pottery. One is a natural artist, and makes beautiful pottery. The other tries really, really hard, but the pottery isn't great. It may not be "fair" to the person who tried hard, but the beautiful pottery will be sold for much more money, as it's of higher value. What really matters to people is how much value you are providing them, not how much work you put into it.

I'm also not saying that ability can't be learned: in the above example, ability may represent both natural artistic abilities and learned skills.

It seems like a much better system would be to judge on value, and compare the final output. Those with less ability would be required to work harder to produce the same value -- they won't be taught that hard work without value is OK. And those with above average ability wouldn't be weighted down performing bullshit work; they'd have more time instead to focus on projects more interesting and useful to them.

What if Facebook loses my data?

7/19/2007

 

I just realized this past week that there is currently no way to export your contact information out of Facebook. A few applications that built this functionality have been taken off-line by request for TOS violations.

Which got me thinking: What would happen if Facebook lost my information? Having gone to college in the Facebook age, would I even know who my college friends were, and how to get in touch with them? (Honestly, probably not)

I sent this question off to Facebook support. Jamie replied:
"Unfortunately, the feature you are requesting is not presently available. We will keep your suggestion in mind, however, as we continue to improve the site. Let me know if you have any further questions."

With all of this excitement over Platform -- even more data in -- how do we find it acceptable that we're unable to back up any data, at all? In 20 years, will I ever be able to get access to all of the interactions and information that I put into Facebook?

And how do we find it acceptable that Facebook is actively working against us getting any information out?

Edit: Alex3917 on news.YC posts: "There used to be an option to export to CSV. Looks like they got rid of it. The fact that they are actually removing functionality says something."

    David co-founded Weebly, an incredibly easy to use tool that helps millions of people create a professional web site, blog or online store.

    He was named to Forbes' 30 under 30 list, is a part-time DJ and has traveled to over 20 countries.

    Investments include Cue, Parse, Exec, Churchkey, Streak, Incident Technologies, Adioso and Zenefits.
