[pLog-svn] some people are privacy crazed
Mark Wu
markplace at gmail.com
Wed Sep 26 11:59:40 EDT 2007
I just saw this news today.
As Oscar said, we use the different approach to compare the version number.
The lifetype get the newest version from lifetype.net through the RSS, and
compare the version in it's local machine.
So .... we don't get / collect / gather any information from users and keep
it in our server. ^_^
And, even found the new version available, user still need to download it
and install it manually ... A little bit lousy ... but more safe, I like
this way.
Mark
_____
From: plog-svn-bounces at devel.lifetype.net
[mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Matt Wood
Sent: Wednesday, September 26, 2007 11:45 PM
To: LifeType Developer List
Subject: Re: [pLog-svn] some people are privacy crazed
Of course none of that is automated...
On 9/26/07, Jon Daley <plogworld at jon.limedaley.com> wrote:
Well, DNS poisoning can affect anyone, right? redirect
lifetype.net to your machine to announce a new version, and then redirect
sf.net for the download (or change the link on lifetype.net to have a
direct download from that server, instead of using sourceforge)
Once you are into DNS poisoning, you can't do much of anything on
your computer that you can trust.
On Wed, 26 Sep 2007, Matt Wood wrote:
> Heh, you don't even need to compromise WP's webservice... all you need to
do
> is poison the client's dns.
>
> That is kinda scary, good thing I used Lifetype! ;)
>
> On 9/26/07, Oscar Renalias <oscar at renalias.net> wrote:
>>
>> I saw that yesterday too, but I think that the issue was totally blown
>> out of proportions.
>>
>> If you remember, we've had a version notification system since LT
>> 1.2.4 but I think we did it the right way compared to the way WP is
>> doing it:
>>
>> - The "version check" functionality is currently not automatic, so
>> users need to actively visit the "plugin centre" and/or the "versions"
>> screens and click a button to receive information about the most
>> recent version and whether or not they should upgrade. I've
>> purposefully reserved the right to do this automatically in the
>> future, though (but it'll be opt-in or at least easy to disable)
>>
>> - Our implementation is built based on RSS feeds, so the bulk of the
>> processing is done on the client side. In the WP implementation,
>> they've got a web service that collects data from clients and informs
>> them whether they should upgrade or not. In our implementation, the
>> RSS feed just contains information about available versions and the
>> client figures out whether the user need to upgrade or not. Our
>> implementation is also more secure, as it does not require any PHP
>> code on the server side (imagine if WP's web service were to be
>> compromised!)
>>
>> Oscar
>>
>> On 9/26/07, Jon Daley <plogworld at jon.limedaley.com> wrote:
>>> If/when we add the thing that allows people to get a notification about
>> a
>>> new version available, we'll have to add a way to disable it, since some
>>> folks don't like their blog URL being sent to someone else. And to
>> think
>>> I thought URLs were public, and the whole point of the internet was to
>>> have other people come to your site...
>>>
>>> http://yro.slashdot.org/yro/07/09/25/1632246.shtml
>>>
>>> --
>>> Jon Daley
>>> http://jon.limedaley.com/
>>>
>>> One only needs two tools in life: WD-40 to
>>> make things go, and duct tape to make them stop.
>>> -- G. Weilacher
>>> _______________________________________________
>>> pLog-svn mailing list
>>> pLog-svn at devel.lifetype.net <mailto:pLog-svn at devel.lifetype.net>
>>> http://limedaley.com/mailman/listinfo/plog-svn
>>>
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://limedaley.com/mailman/listinfo/plog-svn
>>
>
--
Jon Daley
http://jon.limedaley.com/
Proofreading is more effective after publication.
-- Barker
_______________________________________________
pLog-svn mailing list
pLog-svn at devel.lifetype.net
http://limedaley.com/mailman/listinfo/plog-svn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://limedaley.com/pipermail/plog-svn/attachments/20070926/62ea2530/attachment-0001.htm
More information about the pLog-svn
mailing list