2010-06-18 front | Hacker News

We had a specific problem with the way we dealt with SPF records. Dustin didn't set any up, and there was a specific way that Robin Duckett's email server responded that caused us to flag it as a false negative for spoofing.

For the vast majority of users who use gmail, hotmail or other services, this was never an issue.

Since our launch on day one, we have taken email spoof detection very seriously. It's one of our core differentiators: to be able to securely post to your blog by emailing a single, easy to remember address. We don't want to do secret addresses or secret words.

Over the past 2 years, we've developed robust spoof detection ip and spend a ton of time trying to stay a step ahead of hackers. Fortunately, we've only had a few very specific, isolated cases where one of our sites was spoofed and each time we have improved our system.

Thanks for bringing this to our attention. We always need to be one step ahead of the hackers/spoofers, and we thank the Hacker News community for keeping us on our toes!

13.

Thoughts on OnLive (wolfire.com)

14.

Facebook's DKIM RSA key should be crackable (jgc.org)

15.

How To Be Your Own Boss (avc.com)

16.

EFF's HTTPS Everywhere Firefox plugin (eff.org)

17.

Questions to Ask When Interviewing at a Startup (instigatorblog.com)

sethg on June 18, 2010 | parent | context | on: "Men Who Do Nothing But Think."

They retired, and their successors do nothing but PowerPoint.

19.

That Sounds Smart (aaronsw.com)

robinduckett on June 18, 2010 | parent | context | on: You don’t need a password. Posterous fail.

I did it. Sorry Dustin. It really was me. I changed one field in outlook.

I realise Posterous requires you to "confirm" the post, I just wanted to see if you had defaulted that requirement to off.

21.

"Men Who Do Nothing But Think." (amazonaws.com)

22.

Simple guide to writing Elvish (starchamber.com)

23.

Forrst: Stack Overflow Meets Tumblr (readwriteweb.com)

24.

Area 51: We Come in Peace (propose the next Stack Overflow) (stackoverflow.com)

25.

Clowns to the Left, Jokers to the Right: On the Actual Ideology of the US Press (nyu.edu)

26.

PUT or POST: The REST of the Story (jcalcote.wordpress.com)

27.

Nobel Prize-Winning Writer Saramago Dead at 87 (nytimes.com)

Confusion on June 18, 2010 | parent | context | on: That Sounds Smart

  People who truly understand their subject should have no
  trouble writing for a popular audience.

This is false for at least two reasons.

1) People who truly understand their subject know they can't write for a popular audience without handwaving, partial truths and actually getting the complexity of the subject across. They may not want to write in that way.

2) The ability to 'think like a layman', properly estimate their background and slowly build up a story that they can follow without getting lost is a skill entirely different from 'knowing your subject'. It is prepostorous to suppose every intelligent person has that skill. It's a typical case where a lot of people mistake intelligence for skill and it's insulting to (technical) writers that have actually put effort into learning how to write.

All in all, I doubt whether 10% of all people that 'truly understand their subject' can write for a popular audience.

jcnnghm on June 18, 2010 | parent | context | on: You don’t need a password. Posterous fail.

It's possible to forge headers in certain circumstances. It's not easy. And this is the first time this has happened.

It's ridiculously easy to forge email headers. Headers are manually created whenever programmatically sending email messages. That's how messages can be sent from addresses that don't exist, like devnull@example.com or noreply@yourdomain.com. They don't even send a confirmation email that you have to approve before stuff is posted?

30.

How App Engine served the Humble Indie Bundle (googleappengine.blogspot.com)