[pLog-svn] some people are privacy crazed
Matt Wood
matt at woodzy.com
Wed Sep 26 11:44:59 EDT 2007
Of course none of that is automated...
On 9/26/07, Jon Daley <plogworld at jon.limedaley.com> wrote:
>
> Well, DNS poisoning can affect anyone, right? redirect
> lifetype.net to your machine to announce a new version, and then redirect
> sf.net for the download (or change the link on lifetype.net to have a
> direct download from that server, instead of using sourceforge)
> Once you are into DNS poisoning, you can't do much of anything on
> your computer that you can trust.
>
> On Wed, 26 Sep 2007, Matt Wood wrote:
>
> > Heh, you don't even need to compromise WP's webservice... all you need
> to do
> > is poison the client's dns.
> >
> > That is kinda scary, good thing I used Lifetype! ;)
> >
> > On 9/26/07, Oscar Renalias <oscar at renalias.net> wrote:
> >>
> >> I saw that yesterday too, but I think that the issue was totally blown
> >> out of proportions.
> >>
> >> If you remember, we've had a version notification system since LT
> >> 1.2.4 but I think we did it the right way compared to the way WP is
> >> doing it:
> >>
> >> - The "version check" functionality is currently not automatic, so
> >> users need to actively visit the "plugin centre" and/or the "versions"
> >> screens and click a button to receive information about the most
> >> recent version and whether or not they should upgrade. I've
> >> purposefully reserved the right to do this automatically in the
> >> future, though (but it'll be opt-in or at least easy to disable)
> >>
> >> - Our implementation is built based on RSS feeds, so the bulk of the
> >> processing is done on the client side. In the WP implementation,
> >> they've got a web service that collects data from clients and informs
> >> them whether they should upgrade or not. In our implementation, the
> >> RSS feed just contains information about available versions and the
> >> client figures out whether the user need to upgrade or not. Our
> >> implementation is also more secure, as it does not require any PHP
> >> code on the server side (imagine if WP's web service were to be
> >> compromised!)
> >>
> >> Oscar
> >>
> >> On 9/26/07, Jon Daley <plogworld at jon.limedaley.com> wrote:
> >>> If/when we add the thing that allows people to get a notification
> about
> >> a
> >>> new version available, we'll have to add a way to disable it, since
> some
> >>> folks don't like their blog URL being sent to someone else. And to
> >> think
> >>> I thought URLs were public, and the whole point of the internet was to
> >>> have other people come to your site...
> >>>
> >>> http://yro.slashdot.org/yro/07/09/25/1632246.shtml
> >>>
> >>> --
> >>> Jon Daley
> >>> http://jon.limedaley.com/
> >>>
> >>> One only needs two tools in life: WD-40 to
> >>> make things go, and duct tape to make them stop.
> >>> -- G. Weilacher
> >>> _______________________________________________
> >>> pLog-svn mailing list
> >>> pLog-svn at devel.lifetype.net
> >>> http://limedaley.com/mailman/listinfo/plog-svn
> >>>
> >> _______________________________________________
> >> pLog-svn mailing list
> >> pLog-svn at devel.lifetype.net
> >> http://limedaley.com/mailman/listinfo/plog-svn
> >>
> >
>
> --
> Jon Daley
> http://jon.limedaley.com/
>
> Proofreading is more effective after publication.
> -- Barker
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://limedaley.com/pipermail/plog-svn/attachments/20070926/c89f8ec2/attachment.htm
More information about the pLog-svn
mailing list