Heh, you don't even need to compromise WP's webservice... all you need to do is poison the client's dns. <br><br>That is kinda scary, good thing I used Lifetype! ;)<br><br><div><span class="gmail_quote">On 9/26/07,
<b class="gmail_sendername">Oscar Renalias</b> <<a href="mailto:oscar@renalias.net">oscar@renalias.net</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I saw that yesterday too, but I think that the issue was totally blown<br>out of proportions.<br><br>If you remember, we've had a version notification system since LT<br>1.2.4 but I think we did it the right way compared to the way WP is
<br>doing it:<br><br>- The "version check" functionality is currently not automatic, so<br>users need to actively visit the "plugin centre" and/or the "versions"<br>screens and click a button to receive information about the most
<br>recent version and whether or not they should upgrade. I've<br>purposefully reserved the right to do this automatically in the<br>future, though (but it'll be opt-in or at least easy to disable)<br><br>- Our implementation is built based on RSS feeds, so the bulk of the
<br>processing is done on the client side. In the WP implementation,<br>they've got a web service that collects data from clients and informs<br>them whether they should upgrade or not. In our implementation, the<br>RSS feed just contains information about available versions and the
<br>client figures out whether the user need to upgrade or not. Our<br>implementation is also more secure, as it does not require any PHP<br>code on the server side (imagine if WP's web service were to be<br>compromised!)
<br><br>Oscar<br><br>On 9/26/07, Jon Daley <<a href="mailto:plogworld@jon.limedaley.com">plogworld@jon.limedaley.com</a>> wrote:<br>> If/when we add the thing that allows people to get a notification about a<br>> new version available, we'll have to add a way to disable it, since some
<br>> folks don't like their blog URL being sent to someone else. And to think<br>> I thought URLs were public, and the whole point of the internet was to<br>> have other people come to your site...<br>><br>
> <a href="http://yro.slashdot.org/yro/07/09/25/1632246.shtml">http://yro.slashdot.org/yro/07/09/25/1632246.shtml</a><br>><br>> --<br>> Jon Daley<br>> <a href="http://jon.limedaley.com/">http://jon.limedaley.com/
</a><br>><br>> One only needs two tools in life: WD-40 to<br>> make things go, and duct tape to make them stop.<br>> -- G. Weilacher<br>> _______________________________________________<br>> pLog-svn mailing list
<br>> <a href="mailto:pLog-svn@devel.lifetype.net">pLog-svn@devel.lifetype.net</a><br>> <a href="http://limedaley.com/mailman/listinfo/plog-svn">http://limedaley.com/mailman/listinfo/plog-svn</a><br>><br>_______________________________________________
<br>pLog-svn mailing list<br><a href="mailto:pLog-svn@devel.lifetype.net">pLog-svn@devel.lifetype.net</a><br><a href="http://limedaley.com/mailman/listinfo/plog-svn">http://limedaley.com/mailman/listinfo/plog-svn</a><br></blockquote>
</div><br>