<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16525" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=537085415-26092007><FONT face=新細明體
color=#0000ff size=2>I just saw this news today.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=537085415-26092007><FONT face=新細明體
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=537085415-26092007><FONT face=新細明體
color=#0000ff size=2>As Oscar said, we use the different approach to compare the
version number. </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=537085415-26092007><FONT face=新細明體
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=537085415-26092007><FONT face=新細明體
color=#0000ff size=2>The lifetype get the newest version from lifetype.net
through the RSS, and compare the version in it's local
machine.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=537085415-26092007><FONT face=新細明體
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=537085415-26092007><FONT face=新細明體
color=#0000ff size=2>So .... we don't get / collect / gather
any information from users and keep it in our server.
^_^</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=537085415-26092007><FONT face=新細明體
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=537085415-26092007><FONT face=新細明體
color=#0000ff size=2>And, even found the new version available, user still need
to download it and install it manually ... A little bit lousy ... but more safe,
I like this way.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=537085415-26092007><FONT face=新細明體
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=537085415-26092007><FONT face=新細明體
color=#0000ff size=2>Mark</FONT></SPAN></DIV><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=zh-tw dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> plog-svn-bounces@devel.lifetype.net
[mailto:plog-svn-bounces@devel.lifetype.net] <B>On Behalf Of </B>Matt
Wood<BR><B>Sent:</B> Wednesday, September 26, 2007 11:45 PM<BR><B>To:</B>
LifeType Developer List<BR><B>Subject:</B> Re: [pLog-svn] some people are
privacy crazed<BR></FONT><BR></DIV>
<DIV></DIV>Of course none of that is automated... <BR><BR>
<DIV><SPAN class=gmail_quote>On 9/26/07, <B class=gmail_sendername>Jon
Daley</B> <<A
href="mailto:plogworld@jon.limedaley.com">plogworld@jon.limedaley.com</A>>
wrote: </SPAN>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid"> Well,
DNS poisoning can affect anyone, right? redirect<BR><A
href="http://lifetype.net">lifetype.net</A> to your machine to announce a
new version, and then redirect<BR><A href="http://sf.net">sf.net</A> for the
download (or change the link on <A
href="http://lifetype.net">lifetype.net</A> to have a<BR>direct download
from that server, instead of using sourceforge)
<BR> Once you are into DNS
poisoning, you can't do much of anything on<BR>your computer that you can
trust.<BR><BR>On Wed, 26 Sep 2007, Matt Wood wrote:<BR><BR>> Heh, you
don't even need to compromise WP's webservice... all you need to do <BR>>
is poison the client's dns.<BR>><BR>> That is kinda scary, good thing
I used Lifetype! ;)<BR>><BR>> On 9/26/07, Oscar Renalias <<A
href="mailto:oscar@renalias.net">oscar@renalias.net</A>> wrote:
<BR>>><BR>>> I saw that yesterday too, but I think that the
issue was totally blown<BR>>> out of
proportions.<BR>>><BR>>> If you remember, we've had a version
notification system since LT <BR>>> 1.2.4 but I think we did it the
right way compared to the way WP is<BR>>> doing
it:<BR>>><BR>>> - The "version check" functionality is currently
not automatic, so<BR>>> users need to actively visit the "plugin
centre" and/or the "versions" <BR>>> screens and click a button to
receive information about the most<BR>>> recent version and whether or
not they should upgrade. I've<BR>>> purposefully reserved the right to
do this automatically in the <BR>>> future, though (but it'll be
opt-in or at least easy to disable)<BR>>><BR>>> - Our
implementation is built based on RSS feeds, so the bulk of the<BR>>>
processing is done on the client side. In the WP implementation,
<BR>>> they've got a web service that collects data from clients and
informs<BR>>> them whether they should upgrade or not. In our
implementation, the<BR>>> RSS feed just contains information about
available versions and the <BR>>> client figures out whether the user
need to upgrade or not. Our<BR>>> implementation is also more secure,
as it does not require any PHP<BR>>> code on the server side (imagine
if WP's web service were to be <BR>>>
compromised!)<BR>>><BR>>> Oscar<BR>>><BR>>> On
9/26/07, Jon Daley <<A
href="mailto:plogworld@jon.limedaley.com">plogworld@jon.limedaley.com</A>>
wrote:<BR>>>> If/when we add the thing that allows people to get a
notification about <BR>>> a<BR>>>> new version available,
we'll have to add a way to disable it, since some<BR>>>> folks
don't like their blog URL being sent to someone else. And
to<BR>>> think<BR>>>> I thought URLs were public, and the
whole point of the internet was to <BR>>>> have other people come
to your site...<BR>>>><BR>>>> <A
href="http://yro.slashdot.org/yro/07/09/25/1632246.shtml">http://yro.slashdot.org/yro/07/09/25/1632246.shtml</A><BR>>>><BR>>>>
--<BR>>>> Jon Daley<BR>>>> <A
href="http://jon.limedaley.com/">http://jon.limedaley.com/</A><BR>>>><BR>>>>
One only needs two tools in life: WD-40 to<BR>>>> make things go,
and duct tape to make them stop. <BR>>>> -- G.
Weilacher<BR>>>>
_______________________________________________<BR>>>> pLog-svn
mailing list<BR>>>> <A
href="mailto:pLog-svn@devel.lifetype.net">pLog-svn@devel.lifetype.net
</A><BR>>>> <A
href="http://limedaley.com/mailman/listinfo/plog-svn">http://limedaley.com/mailman/listinfo/plog-svn</A><BR>>>><BR>>>
_______________________________________________<BR>>> pLog-svn mailing
list <BR>>> <A
href="mailto:pLog-svn@devel.lifetype.net">pLog-svn@devel.lifetype.net</A><BR>>>
<A
href="http://limedaley.com/mailman/listinfo/plog-svn">http://limedaley.com/mailman/listinfo/plog-svn</A><BR>>>
<BR>><BR><BR>--<BR>Jon Daley<BR><A
href="http://jon.limedaley.com/">http://jon.limedaley.com/</A><BR><BR>Proofreading
is more effective after publication.<BR>--
Barker<BR>_______________________________________________ <BR>pLog-svn
mailing list<BR><A
href="mailto:pLog-svn@devel.lifetype.net">pLog-svn@devel.lifetype.net</A><BR><A
href="http://limedaley.com/mailman/listinfo/plog-svn">http://limedaley.com/mailman/listinfo/plog-svn</A><BR></BLOCKQUOTE></DIV><BR></BLOCKQUOTE></BODY></HTML>