Of course none of that is automated... <br><br><div><span class="gmail_quote">On 9/26/07, <b class="gmail_sendername">Jon Daley</b> <<a href="mailto:plogworld@jon.limedaley.com">plogworld@jon.limedaley.com</a>> wrote:
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Well, DNS poisoning can affect anyone, right? redirect<br><a href="http://lifetype.net">
lifetype.net</a> to your machine to announce a new version, and then redirect<br><a href="http://sf.net">sf.net</a> for the download (or change the link on <a href="http://lifetype.net">lifetype.net</a> to have a<br>direct download from that server, instead of using sourceforge)
<br> Once you are into DNS poisoning, you can't do much of anything on<br>your computer that you can trust.<br><br>On Wed, 26 Sep 2007, Matt Wood wrote:<br><br>> Heh, you don't even need to compromise WP's webservice... all you need to do
<br>> is poison the client's dns.<br>><br>> That is kinda scary, good thing I used Lifetype! ;)<br>><br>> On 9/26/07, Oscar Renalias <<a href="mailto:oscar@renalias.net">oscar@renalias.net</a>> wrote:
<br>>><br>>> I saw that yesterday too, but I think that the issue was totally blown<br>>> out of proportions.<br>>><br>>> If you remember, we've had a version notification system since LT
<br>>> 1.2.4 but I think we did it the right way compared to the way WP is<br>>> doing it:<br>>><br>>> - The "version check" functionality is currently not automatic, so<br>>> users need to actively visit the "plugin centre" and/or the "versions"
<br>>> screens and click a button to receive information about the most<br>>> recent version and whether or not they should upgrade. I've<br>>> purposefully reserved the right to do this automatically in the
<br>>> future, though (but it'll be opt-in or at least easy to disable)<br>>><br>>> - Our implementation is built based on RSS feeds, so the bulk of the<br>>> processing is done on the client side. In the WP implementation,
<br>>> they've got a web service that collects data from clients and informs<br>>> them whether they should upgrade or not. In our implementation, the<br>>> RSS feed just contains information about available versions and the
<br>>> client figures out whether the user need to upgrade or not. Our<br>>> implementation is also more secure, as it does not require any PHP<br>>> code on the server side (imagine if WP's web service were to be
<br>>> compromised!)<br>>><br>>> Oscar<br>>><br>>> On 9/26/07, Jon Daley <<a href="mailto:plogworld@jon.limedaley.com">plogworld@jon.limedaley.com</a>> wrote:<br>>>> If/when we add the thing that allows people to get a notification about
<br>>> a<br>>>> new version available, we'll have to add a way to disable it, since some<br>>>> folks don't like their blog URL being sent to someone else. And to<br>>> think<br>>>> I thought URLs were public, and the whole point of the internet was to
<br>>>> have other people come to your site...<br>>>><br>>>> <a href="http://yro.slashdot.org/yro/07/09/25/1632246.shtml">http://yro.slashdot.org/yro/07/09/25/1632246.shtml</a><br>>>><br>
>>> --<br>>>> Jon Daley<br>>>> <a href="http://jon.limedaley.com/">http://jon.limedaley.com/</a><br>>>><br>>>> One only needs two tools in life: WD-40 to<br>>>> make things go, and duct tape to make them stop.
<br>>>> -- G. Weilacher<br>>>> _______________________________________________<br>>>> pLog-svn mailing list<br>>>> <a href="mailto:pLog-svn@devel.lifetype.net">pLog-svn@devel.lifetype.net
</a><br>>>> <a href="http://limedaley.com/mailman/listinfo/plog-svn">http://limedaley.com/mailman/listinfo/plog-svn</a><br>>>><br>>> _______________________________________________<br>>> pLog-svn mailing list
<br>>> <a href="mailto:pLog-svn@devel.lifetype.net">pLog-svn@devel.lifetype.net</a><br>>> <a href="http://limedaley.com/mailman/listinfo/plog-svn">http://limedaley.com/mailman/listinfo/plog-svn</a><br>>>
<br>><br><br>--<br>Jon Daley<br><a href="http://jon.limedaley.com/">http://jon.limedaley.com/</a><br><br>Proofreading is more effective after publication.<br>-- Barker<br>_______________________________________________
<br>pLog-svn mailing list<br><a href="mailto:pLog-svn@devel.lifetype.net">pLog-svn@devel.lifetype.net</a><br><a href="http://limedaley.com/mailman/listinfo/plog-svn">http://limedaley.com/mailman/listinfo/plog-svn</a><br></blockquote>
</div><br>