How To Cost Microsoft Money (no vibrating here!)
September 28, 2004 8:39 PM   Subscribe

How To Cost Microsoft Money. Microsoft has a form on their website that you can fill out to get a copy of Windows XP SP2 on CD at no charge (with free shipping by Purolator). I ordered one. Then, at the Order Confirmation screen, I clicked Back, then Refresh, then Retry (since the form had to be posted again). I did this 149 times......
posted by KevinSkomsvold (47 comments total)
 
Kevin, I know you miss Layne too but you've gotta find something better to do with your time!

Still, pretty funny anyway, will you take a picture when you get a stack of 149 SP2 CDs?
posted by fenriq at 8:42 PM on September 28, 2004


Heheh.. Should have italicized. It wasn't me that ordered them.

Who is this "Layne"?
posted by KevinSkomsvold at 8:48 PM on September 28, 2004


Yeah, that's just damned hilarious. I'll think about this and chuckle warmly next time I have to pay $300 for a copy of WinXP Pro.

Holy shit . . . "how to cost Microsoft money"?!? Is this fucktard really so dense as to not realize this expense will be passed *DIRECTLY* on to Microsoft's customers (or, as someone on that forum pointed out, recouped by outsourcing jobs to far-off countries)?
posted by wdpeck at 8:50 PM on September 28, 2004


It's pretty funny how a company supposedly at the forefront of technology either couldn't couldn't come up with or never bothered with a solution to that particular possibility.

It's why I get a bit of a giggle when I see how many companies are putting their faith in .NET nowadays.
posted by clevershark at 8:53 PM on September 28, 2004


Yep, Clever. My thoughts exactly. Per one of the forum posts, it looks like it took two weeks for them to "fix the glitch".
posted by KevinSkomsvold at 8:56 PM on September 28, 2004


Wait, am I on the wrong site? This doesn't look like SlashDot!?
posted by falconred at 9:01 PM on September 28, 2004


We've got sp2!
posted by Mick at 9:25 PM on September 28, 2004


Is this something I'd have to be 12 years old to think is funny? Because I'm not 12 years old.
posted by Ethereal Bligh at 9:25 PM on September 28, 2004


Maybe msoft should have outsourced the mailings (I'd assume that they do, but maybe not). Most bulk / junk mail companies constantly check for dupes in addresses, even with seperate mailings.

I would have been more ammused by the thread if they had done it just to get a bunch of junk mail, and not for sake of ripping off microgates. (<-- btw, that was a typo, time for sleep).
posted by tomplus2 at 9:27 PM on September 28, 2004


Way to stick it to the Man.
posted by geoff. at 9:29 PM on September 28, 2004


It's a pretty stupid stunt all right (why 149?), but it's one that takes advantage of a pretty stupid application design by the very same company that wants to put its software on your PC and on your company's servers.

So, hate the stunt, but there's no bloody way that this should have been allowed to happen in the first place... or at least, not if M$ took application design seriously.
posted by clevershark at 9:30 PM on September 28, 2004


Which is amusing, since considering the cost of the CD ($1), envelope ($1), and shipping by Purolator ($5 with a huge volume agreement?), this cost Microsoft...

Drum roll, please...

$1,050.


The quality of that estimate is exactly what I'd expect from some asshat ridiculous enough to try this.
posted by mote at 9:38 PM on September 28, 2004


(why 149?)

After he ordered his first one he hit back and refresh 149 times, for a grand total of 150 CDs of SP2, which is a nice round number and people like nice, round numbers.
posted by ChasFile at 9:38 PM on September 28, 2004


Because I'm not 12 years old.

Aw jeeze, NOT ANOTHER PERSONAL ANECDOTE.
posted by Krrrlson at 9:44 PM on September 28, 2004


Oops... my mistake :-)
posted by clevershark at 9:51 PM on September 28, 2004


I have to say, there is absolutely no good reason to do this.
posted by mcsweetie at 9:59 PM on September 28, 2004


Mote wins the thread.

Meanwhile, if you start handing these out to people that might have requested or downloaded this patch anyway, how is that costing Microsoft money?
posted by krisjohn at 9:59 PM on September 28, 2004


nay sayers should take a nap.
posted by Satapher at 10:27 PM on September 28, 2004


Looks like they limit the order amount to ten now:
Microsoft limits the quantity of Windows XP Service Pack 2 CD-ROMs that may be ordered by a single customer to ten (10) CD-ROMs. Please note that one (1) CD can be installed on several computers running Windows XP, and can be shared with others. Accordingly, you may not order more than the ten (10) CD-ROMs limit.

If you are a business or other institution looking for multiple Service Pack 2 CDs to distribute, please contact your local Microsoft representative or account manager for more information.
posted by rhapsodie at 10:41 PM on September 28, 2004


This is why we can't have nice things.
posted by Veritron at 11:16 PM on September 28, 2004


veritron made me laugh. the guy trying to cost MS money didn't.
posted by sharpener at 11:24 PM on September 28, 2004


Definitely uncool. The day I start filling landfills for fun, somebody can come round my house and shoot me.
posted by seanyboy at 12:26 AM on September 29, 2004


A few months ago Microsoft gave away free security posters... in packages of 75. A lot of individuals ordered packs and threw 74 or 75 away.
posted by donth at 1:10 AM on September 29, 2004


Seany: Yeah good point. What a total sack this guy is.
posted by ed\26h at 1:29 AM on September 29, 2004


"It's a pretty stupid stunt all right (why 149?), but it's one that takes advantage of a pretty stupid application design by the very same company that wants to put its software on your PC and on your company's servers."

Maybe they thought "perhaps this guy supports 149 off-site clients who run XP and need this shipping out to them from his centre".
posted by ed\26h at 1:32 AM on September 29, 2004


A simple line of code would have prevented this from happening.

I say, punish sloppy coding.
posted by SpaceCadet at 1:40 AM on September 29, 2004


... a pretty stupid application design ...

That "application design" was probably hacked together in about 5 minutes by a cubicle drone who's never coded in anything but VBScript. Probably not even a regular MS employee. Maybe not even at Microsoft.

That "application design" would have failed because of no inherent weaknesses in ASP -- I've seen as silly stuff in PHP or conventional CGI.

In short, the "failure" most likely had little to do with MS per se, and (probably) almost everything to do with the attention to detail -- probably driven by workload pressures and experience -- of one coder.

The one arguable fault on MS's part in this lies in not producing a single coherent site architecture, such that the person doing this could just fire up a template and have a working order form, free of glitches. The reason why they *don't* do that is the same reason it took them weeks to fix it, and it's got nothing to do with software: Microsoft is a big company. In big companies, it's hard to get things like that done, especially if they were done quickly by some drone who doesn't even remember it was on his to-do list three weeks before.

Good grief, I loathe MS products as much as (and probably more than) the next geek, but let's get real. It was a juvenile stunt, and it proved nothing.
posted by lodurr at 1:49 AM on September 29, 2004


In short, the "failure" most likely had little to do with MS per se, and (probably) almost everything to do with the attention to detail -- probably driven by workload pressures and experience -- of one coder.

i don't know if it's par for the course for microsoft but usually isn't there's some process and documentation involved in getting a page made? requirements and design signoffs, code review, qa pass, tech comm pass, and legal pass are going to involve more than a single coder, outsourcing or not.
posted by juv3nal at 2:13 AM on September 29, 2004


A simple line of code would have prevented this from happening. I say, punish sloppy coding.

You think?
posted by ed\26h at 2:25 AM on September 29, 2004


This strikes me as an incredibly lame thing to do. Ordering a pair of shoes from Nike with the word sweatshop on it is both funny and subversive. This is neither.

To quote from someone that clearly did find it amusing:

"lol
lol
lol
lol
that hallerous "

Quite.
posted by nthdegx at 2:33 AM on September 29, 2004


this is the gayest thing i've heard of all month
posted by shoos at 3:26 AM on September 29, 2004


A simple line of code would have prevented this from happening. I say, punish sloppy coding.

You think?


My guess is they store each person who requests a CD-ROM in a database. A simple look-up will see if anyone with that house no/postcode has already ordered. If they allow 10 copies per person, have a dropdown list that allows people to order 1-10 CDs.

A guy allowed to order 150 CD-ROMs should not have been a member of the public - it should have been someone in Microsoft's testing department, who would then have reported the bug. If such simple errors are allowed to occur, I have little sympathy when they are abused.


That "application design" would have failed because of no inherent weaknesses in ASP -- I've seen as silly stuff in PHP or conventional CGI.


It has little to do with the server-side code used (as you say) - one SQL statement could have trapped this error.
posted by SpaceCadet at 4:48 AM on September 29, 2004


Well, ambiguous as I was, that’s not really what I was saying. More that, forgetting the fact that this guy has directly caused a tremendous waste of resources and your personal sympathies aside, do you think he was perfectly justified in doing this?
posted by ed\26h at 4:58 AM on September 29, 2004


put it this way: if it was something other than a (freely available for download) service pack on cd - say like if it was, perhaps, a free copy of windowsXP pro, or office 2003 maybe - would any of us be sitting here debating how dumb a stunt this was? no. we'd be all sitting here trying to see if we could find the URL and order our own free copy.

long story short: the guy found and exploited a loophole, just to see if he could do it. waste of time? sure. but it still demostrates a simple lack of error checking on the part of microsoft. yes, they are a big company - which does make it hard to do things simply - but that also gives them less of an excuse for not testing and fixing simple errors before going live with a website, as they ought to have the human and monetary resources available to do so.
posted by caution live frogs at 5:31 AM on September 29, 2004


do you think he was perfectly justified in doing this?

Justified? Yes, because he broke no laws (as far as I can see), and he was allowed to do it.

I agree that it was an unnecessary waste of resources if they're just sitting in a pile in his bedroom, but then maybe he will hand these CDs out to 150 people who need SP2, in which case, he's doing Microsoft a favour.
posted by SpaceCadet at 5:41 AM on September 29, 2004


Hyperbole-filter - this thread not only over-emphasizes the effect on Microsoft of mailing out CDs, but diminishes the difficulties faced by web developers. This is not a one-line-of-code problem, nor should it matter how many lines of code it takes to do a particular task. Many web developers do not know how to prevent this problem, because it can be thorny.

It has little to do with the server-side code used (as you say) - one SQL statement could have trapped this error.


This is a db-centric point of view. Trapping the SQL error (if you let the user get to the point of doing the insert, which I would not) is only the beginning, and usually takes multiple lines of code in itself. You also need to present the error to the user, and handle page navigation accordingly, preserving form input while you are at it. It is usually more effective to prevent multiple form submits with client-side code, backed up by server-side code that prevents another submit within the same session, and, finally, is prevented by SQL should the user manage to circumvent the other checks.

So this snickering mockery of the developer is kinda lame. Someone did not do their job right, but there are few aspects of web development that are truly trivial. A much more interesting thread to me would have talked about why this kind of problem continues to happen, even to Microsoft. Talk about stateless HTTP, stateless browsers, the meshing of a minimum of three languages...

Ok I have to stop now. I am now late for work, and I will have to skip adding that multiple-form submission code for the client demo tomorrow. I will get to it later.
posted by SNACKeR at 5:53 AM on September 29, 2004


That "application design" was probably hacked together in about 5 minutes by a cubicle drone who's never coded in anything but VBScript. Probably not even a regular MS employee. Maybe not even at Microsoft.

That "application design" would have failed because of no inherent weaknesses in ASP -- I've seen as silly stuff in PHP or conventional CGI.


I didn't say it was a weakness of ASP. Obviously it was an application design problem in the web application that handles that particular CD order. Of course it can happen in any language.

However it does give a glimpse into what passes for "quality" at Microsoft. This is not a coding problem. It's a "normal" situation that should have been foreseen during the design phase. Whether it's fixed at the SQL or the ASPx level is irrelevant. Fact is once an order has been processed for a particular web session that same session shouldn't have been able to repeat said order ad infinitum.
posted by clevershark at 6:59 AM on September 29, 2004


this is the gayest thing i've heard of all month
posted by shoos at 6:26 AM EST on September 29


Where's amberglow when we need him most?
posted by grateful at 7:16 AM on September 29, 2004


Spacecadet: I was referring to ethically justified rather than legally.
posted by ed\26h at 7:42 AM on September 29, 2004


So this snickering mockery of the developer is kinda lame.

I don't know....there are a number of solutions to this problem....I just think there are ways to open a nut other than use a sledgehammer, though.

Trapping the SQL error (if you let the user get to the point of doing the insert, which I would not)

Not an insert, a SELECT query. This determines whether the user has already requested a CD-ROM (this assumes of course that they are using a database in the first place to record CD-ROM requests).

It is usually more effective to prevent multiple form submits with client-side code

Well, as a web-app guy myself, I'd consider a robust solution to the problem would be to avoid client-side error trapping. For one, anyone malicious or determined enough could view source and submit a custom-made form sans the client-side code that checked for problems.

I think an elegant solution is to do one single SQL query to see if this person has already ordered, via a unique identifier. If so, set a server-side variable to flag this user (store IP address in this variable), so if they submit again, no need to run SQL query again as variable alerts this person has already tried to submit (matches IPs). If anyone tries to go through anonymous IP, it costs us only one extra SQL query.

I do realise there are always 100 hundred ways to do things like this though....I just start from extremley simple, and work my way very reluctantly to complicated if it's only absolutely necessary.


Spacecadet: I was referring to ethically justified rather than legally.


Ethically? As I said, it depends what he does with the CDs....he may be doing Microsoft a favour by handing these CDs out to 150 people that need them....or he might be making some kind of art installation out of them with an anti-Microsoft message behind it. Who knows....for sure, they let him order 150 of them, and delivered them to his door.
posted by SpaceCadet at 7:51 AM on September 29, 2004


God must be dead for this to be allowed.
posted by Slagman at 8:29 AM on September 29, 2004


Oh, great, and all these CDs are gonna end up in the Humane Society's CD Refuge, where some minimum-wage lackey will be forced to euthanize them after a week. Nice.
posted by ZippityBuddha at 1:17 PM on September 29, 2004


The quality of that estimate is exactly what I'd expect from some asshat ridiculous enough to try this.
Have to agree, since I've seen smaller companies shipping CDs over night with cheaper costs for their CDs and overnight shipping charges.
posted by thomcatspike at 1:56 PM on September 29, 2004


Does the original poster think Microsoft is actually out over $1000? Where does he think the money comes from? All he really succeeded in doing was driving up the cost of Microsoft products. Congratulations - you've just stolen $1 from 1000 random people. If only he'd put that much effort every day into tying up a spammer's resources - ordering literature, tying up customer service reps, etc., he might actually have had a positive effect.
posted by gregor-e at 3:40 PM on September 29, 2004


I have to say, there is absolutely no good reason to do this.
Which is as good a reason as any to do it.
posted by dg at 7:50 PM on September 29, 2004


I wonder what would happen if you entered the shipping address as that of Microsoft itself? ;-)
posted by insomnia_lj at 1:17 PM on September 30, 2004


That is so gay. Jesus.
posted by shoos at 2:46 AM on October 1, 2004


« Older The Final Solution   |   Woody Allen on the 2004 Election Newer »


This thread has been archived and is closed to new comments