It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussion (archive)Bundle Stars(88 posts)(88 posts)
(88 posts)
Pages:
1
2
3
4
5
6
This is my favourite topic
Posted December 08, 2013
avatar
HeDanny: One of those bundles has Blades of Time Limited Edition (for me) and Puzzle Kingdoms (for my mum) which would be ok. What happens with the other games I have no interest in? Looks like they are steam keys? So no DRM-Free versions?
You could trade them in the Classifieds thread, or gift copies to friends or others, or host GOG giveaway threads, or just offer the game titles up in the Ninja thread for the first to reply and send the code in PM. Another option is steamgifts.com giveaways.

HTH
Posted December 08, 2013
avatar
HeDanny: One of those bundles has Blades of Time Limited Edition (for me) and Puzzle Kingdoms (for my mum) which would be ok. What happens with the other games I have no interest in? Looks like they are steam keys? So no DRM-Free versions?
Trade the keys (join the rest of the indie key traders in Classifieds....its like a disease), resell them (it *does* happen on certain forums.. yeah against the TOS..big deal ..it can and does happen), give them away, flush them down the toilet.....
They are 99% a Steam Key reseller...sometimes u get the odd desura but cant remember them doing drm free downloads at all.
Posted December 08, 2013
avatar
nijuu: Cant remember them doing drm free downloads at all.
Pushcat, StarDrone + OST, Jazz: Trumps Journey were direct downloads (Jazz didn't even have a Desura key) and they all seem to still work, but it was a while ago, in bundles #6 and #7.
Posted December 08, 2013
thanks for the replies. I might give it a miss. I'm not pure anti steam, but I would prefer to avoid it where possible. While it is good to know the keys are all individual and exchangeable, I'm too laxy for that. I still have steam gifts I bought years ago I've yet to list,

I already have Blades of time on xbox360 so can live without it on steam for now. Pretty sure I can get Puzzle Kingdom for Mum elsewhere so I'll keep looking.
Posted December 08, 2013
[Security warning] Hey guys, while logged into bundlestars today I noticed that the website is not using SSL anywhere, which is probably just a glitch introduced with the new (and very nice looking) site redesign. The downside of this is that any personal information/details including all of your game keys in your account will be sent over the Internet unencrypted if you log in and view them. This is probably unintentional, but it leaves an opportunity for 3rd parties to intercept and steal game keys. It's more of a threat to people who use wireless networking, especially in public places, or who might be using proxies or a service like Tor to access the Internet, but it is a security risk to everyone just the same. I've notified bundlestars of the problem and no doubt they'll fix it soon enough. I just wanted to give everyone here a heads up so that people can take steps to help protect their game keys there in the mean time.

The bundlestars website is available over https, and if you manually specify https://www.bundlestars.com you will get the site over SSL however their web links unfortunately link to http version of their own web pages so you'll remain logged in but your traffic will be insecure still. You can work around this problem for yourself if desired in a number of ways at least until bundlestars has updated their website to fix the problem.

Solutions for Firefox users:

1) Install the ForceTLS extension for Firefox - https://addons.mozilla.org/en-US/firefox/addon/force-tls and restart the browser if necessary, then go into the Tools -> ForceTLS Configuration on the firefox menu and type "bundlestars.com" into the "Website" field, check the box marked "Force Subdomains Too", and hit "Add Site". This will force Firefox to always load the bundlestars website over SSL from then on whether you click on a bookmark, a URL on a website, or type the site into the location bar manually - it will automatically override http to https for you on that site and all subdomains from then on.

2) Advanced users who have the HTTPS-Everywhere extension from the Electronic Frontier Foundation installed, can force HTTPS on bundlestars using that instead if desired. I'll leave it up to that extension's documentation on how to do that.

3) Advanced users who have the NoScript extension installed can go into options for HTTPS and add *.bundlestars.com there, and also go into the cookies tab and add it there too to force cookies over HTTPS.

There are likely other extensions/methods that can force HTTPS on websites using Firefox, but these 3 are probably the most popular and well known, and the first one is very minimalistic and just a front end to Firefox's built in functionality and easy to use even for a non-technical user.

Other browsers:
If you're using a different web browser, consult it's documentation to see if it has a feature for forcing HTTPS on websites and how to configure it, and go to that browser's addon marketplace/website and search for "force HTTPS" or "force SSL" to search for plugins for your other browser(s) as they almost certain exist for all browsers.

Hope this helps. I just thought I'd make this little public service announcement to help people protect their (possibly large) collections of game codes from being sniffed off the Internet due to lack of encryption being used there currently. I imagine that bundlestars will be on top of this soon and fix the site to always use SSL once you're logged in at least since they already have it set up to work minus a few glitches.

Yes, I'm a computer security nerd. :)

Practice safe hex! Enjoy! :)
Post edited December 09, 2013 by skeletonbow
Posted December 08, 2013
avatar
skeletonbow:
Nicely spotted - cheers!
Haven't logged in since the revamp so should be okay myself.
Posted December 09, 2013
avatar
skeletonbow: [Security warning] Hey guys, while logged into bundlestars today I noticed that the website is not using SSL anywhere, which is probably just a glitch introduced with the new (and very nice looking) site redesign.
Hi there, thanks for pointing this out (and for the nice comment on our redesign!). The SSL issue is now resolved. The account page is now encrypted although your browser may still show a broken padlock whilst we resolve a further issue that some images/CSS files are called over http rather than https. This does not effect the encryption of your keys when viewing the account page.
Posted December 09, 2013
avatar
hedwards: The Steam only policy is a much bigger deal to me than they're use of illegal spamming.
Bundle Stars does not engage in "illegal spamming", either in the one-year-old Facebook promotion you refer to, or in any way since. I'm sorry that we don't provide the kind of games that you personally prefer, and that you dislike Facebook, but please refrain from using slanderous accusations.
Post edited December 09, 2013 by bundlestars
Posted December 09, 2013
avatar
bundlestars: Bundle Stars does not engage in "illegal spamming", either in the one-year-old Facebook promotion you refer to, or in any way since. I'm sorry that we don't provide the kind of games that you personally prefer, and that you dislike Facebook, but please refrain from using slanderous accusations.
Mentioning a veiled legal threat and that infamous Facebook stunt in the same sentence is not likely to get you taken seriously.

While not acting illegally, Bundle Stars/FHI is certainly a little overzealous in the way it promotes its site (on average two mails a week at last count), and that Facebook promotion still hangs over your reputation like a dark shadow - you'd do well to remember that.
Post edited December 09, 2013 by jamyskis
Posted December 09, 2013
avatar
skeletonbow: [Security warning] Hey guys, while logged into bundlestars today I noticed that the website is not using SSL anywhere, which is probably just a glitch introduced with the new (and very nice looking) site redesign.
avatar
bundlestars: Hi there, thanks for pointing this out (and for the nice comment on our redesign!). The SSL issue is now resolved. The account page is now encrypted although your browser may still show a broken padlock whilst we resolve a further issue that some images/CSS files are called over http rather than https. This does not effect the encryption of your keys when viewing the account page.
Fantastic, I figured it was just a temporary glitch. Glad to see it fixed so promptly! If you haven't looked into it already you might also want to investigate adding HSTS (http strict transport security) support to your webserver configuration. The apache webserver and many others support this security standard which issues a special HTTP header to the web browser indicating it should lock the site onto https. This helps also ensure that sites always come over https in case of minor web programming errors such as embedded http links instead of https, etc. Browsers that support HSTS such as Firefox, Chrome etc. benefit from the added measure, and browsers that don't support it just ignore the header and function as if it weren't there normally. Hope this helps too!

Congrats on the new store also!

avatar
jamyskis: Mentioning a veiled legal threat and that infamous Facebook stunt in the same sentence is not likely to get you taken seriously.

While not acting illegally, Bundle Stars/FHI is certainly a little overzealous in the way it promotes its site (on average two mails a week at last count), and that Facebook promotion still hangs over your reputation like a dark shadow - you'd do well to remember that.
To each his own I guess, I subscribe to their announcements and appreciate getting the notifications they send out. They're not forced on anyone, they're opt-in, so if people don't want to receive them all they have to do is log into their account and opt-out. It's not SPAM if you opted into it, and you only receive it if you did. And calling it "illegal" is kind of laughable. I'd be interested in seeing someone cite the law that is allegedly being broken. ;o)

(Actually, I'm not interested, it's just a nonsense comment anyway.)
Post edited December 09, 2013 by skeletonbow
Posted December 09, 2013
avatar
skeletonbow: Fantastic, I figured it was just a temporary glitch. Glad to see it fixed so promptly! If you haven't looked into it already you might also want to investigate adding HSTS (http strict transport security) support to your webserver configuration. The apache webserver and many others support this security standard which issues a special HTTP header to the web browser indicating it should lock the site onto https. This helps also ensure that sites always come over https in case of minor web programming errors such as embedded http links instead of https, etc. Browsers that support HSTS such as Firefox, Chrome etc. benefit from the added measure, and browsers that don't support it just ignore the header and function as if it weren't there normally. Hope this helps too!

Congrats on the new store also!
Thanks for all your help skeletonbow. Please PM me if you'd like to receive a free bundle for your troubles (let me know which one). :)
Posted December 09, 2013
avatar
bundlestars: Thanks for all your help skeletonbow. Please PM me if you'd like to receive a free bundle for your troubles (let me know which one). :)
No prob. Happy to help out and thanks for the offer!
Posted December 09, 2013
Skeletonbow is the new resident Bundlestars rep :P
Posted December 09, 2013
avatar
nijuu: Skeletonbow is the new resident Bundlestars rep :P
No kidding...
Posted December 09, 2013
avatar
nijuu: Skeletonbow is the new resident Bundlestars rep :P
avatar
DarkoD13: No kidding...
There's a few GOGgers who are moonlighting as Steam/Humble Store reps so im not surprised ;)
Post edited December 09, 2013 by nijuu
Pages:
1
2
3
4
5
6
This is my favourite topic
Community
General discussion (archive)Bundle Stars(88 posts)(88 posts)
(88 posts)