Hacker News: leigh_t's comments

Whoever made your site. Don't fire them, shoot them.


Not my site. Just found it and thought it was worth sharing.


Besides some text readability issues, I thought the site was perfect for what it's for.


Yep.

I mean, on mobile (in particular), it is indeed awful, but I don't think it's expected or needed to be responsive (or otherwise optimized for mobile) at this point in the product's life-cycle.

Yes, there's a lot of room for improvement (as there is on every site; keep in mind web design is largely based on personal preference), but the parent poster's kind of response is not productive.


What's wrong with this site?


I apologise for my impulsive reply. I should have better discipline (usually I don't reply at all because I know I'm pretty dickish)

This is how the site looks to me: http://s13.postimg.org/uduowd0if/sugar.png

In my opinion this is pretty terrible. We all know the importance of first impressions (case in point, people reading my initial response).


With a resolution that high you must be used to small fixed pixel width sites. Pity they can't all just be doubled or quadrupled in size.


The readability is really bad, and clicking an image brings me to a smaller version?


> due to a vulnerability in the extract() command

No.

This is due to insane usage of the extract() function. Not a vulnerability with the function itself.

You can pass user-supplied input directly to plenty of other functions which have equally idiotic outcomes; it doesn't mean that they have vulnerabilities, it means the author is a liability.
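The pattern the comment above objects to, as an added example that is not part of the original post or of the software being discussed: a handler that calls extract() on request parameters beside a hardened version. The request array is constructed inline so the script runs from the CLI; the function names are hypothetical.

```php
<?php
// Added example (not from the original post): extract() on user-supplied
// input turns every request key into a local variable, so an attacker can
// overwrite variables the code set earlier.

// Constructed stand-in for $_GET so this runs offline from the CLI.
// An attacker would send it as ?name=mallory&is_admin=1
$request = ['name' => 'mallory', 'is_admin' => '1'];

// Vulnerable: $is_admin is computed first, then clobbered by extract().
function vulnerable_handler(array $get): bool
{
    $is_admin = false;          // trusted default decided by the application
    extract($get);              // $name AND $is_admin now come from the request
    return (bool) $is_admin;    // attacker-controlled
}

// Hardened: read each parameter explicitly; request keys never become variables.
function hardened_handler(array $get): bool
{
    $is_admin = false;
    $name = isset($get['name']) ? (string) $get['name'] : 'anonymous';
    // $name is the only value taken from the request, and only by explicit lookup
    return $is_admin;           // unaffected by is_admin=1 in the request
}

// Partial mitigation: EXTR_SKIP refuses to overwrite variables that already
// exist, but any variable first assigned AFTER the call (or misspelled) is
// still attacker-controlled, so explicit lookup remains the safer choice.
function skip_handler(array $get): bool
{
    $is_admin = false;
    extract($get, EXTR_SKIP);
    return (bool) $is_admin;
}

var_dump(vulnerable_handler($request));
var_dump(hardened_handler($request));
var_dump(skip_handler($request));
```

With the constructed request, vulnerable_handler() returns true (the attacker has granted themselves the admin flag), while hardened_handler() and skip_handler() return false. The point of the comment stands: extract() behaves exactly as documented; the defect is feeding it untrusted keys.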


Right, didn't mean that in the original post - obviously this is how the function is designed to work. Fixed up the wording to clarify.


It was indeed an excellent course and for any would-be participants I recommend buffing up on discrete mathematics and number theory already if they're not your strong suit.

I found the course pretty hard as a programmer with a strong interest in crypto, but no formal CS/maths background. The coding pieces were fairly straightforward, but the maths hurt.


Please please please email out to past participants when it is available, the first one was amazing amounts of fun.


The new one is b-a-n-a-n-a-s.


What do you mean "multiplayer"?

In the spirit of this challenge? A single exploitable endpoint where any number of N people are to go at the same implementation?

You can't tease this hard, man.

Also, Friday launch? :)


Care to post more info about it?


You could try Engine Yard (https://www.engineyard.com/), I think they are using EC2 (has a datacenter in Ireland).

Can't vouch for how "good" their PHP offering is having never used it, definitely a passionate team though, I've met several of them over the years at PHP related conferences (in the UK) as the company has grown.


I can vouch for it - it's solid. Feel free to jump into #engineyard on Freenode IRC if you have any questions - or just use the trial hours to spin up a staging version and give it a try.


There is a balance, and it swings heavily in the direction of never ever ever compromising security.


Your reply made me smile. You're quite right, but only up to a point. An emphasis on security that compromises usability can backfire and start to make things less secure.

For example, enforcing a 32 character passphrase with at least 1 non-alphanumeric character would be incredibly secure, but users will start writing down their password on post-its near their terminals, and suddenly all that 'security' evaporates because you've introduced an artificial weak link.

In a small way better usability enhances security by making the user less likely to get things wrong.


Compromising the lock is different than choosing the type of lock.


Well, she's also rather helpful in giving us things like these:

http://leahmcgrathgoodman.com/wp-content/uploads/2012/07/Jer...

Which may or may not be out of date

http://leahmcgrathgoodman.com/wp-content/uploads/2013/01/vis...

Which has other useful info on it.


This has a tinge of pettiness to it, don't you think?


> This has a tinge of pettiness to it

I don't think it's petty at all to link to publicly available information, when others have requested that information. Google-fu differs between individuals.

I do find it particularly petty that someone would go to great lengths to expose the private details of the life of a man who just wants to be left in peace.


So it's OK for you to use your Google-fu, but not for her to do the same thing?

I, for one, am quite interested to know more about Satoshi Nakamoto and this article is responsive to my curiosity about him. As someone else has pointed out, a great deal of information is public anyway in the form of property tax records and what not. If this were not the case I would get much less direct mail.


Well that line of reasoning is exactly what I was referring to. The reporter doing due diligence and fact gathering is in ill taste, but responding in kind and releasing personal information about her is justified? That doesn't hold water, logically. I don't think anyone is that naive. It's alright if you're upset about divulging Nakamoto's personal details, it's the tit-for-tat mentality that comes across as childish.


Well there seems to be some misunderstanding about who released what. I have not released anything because I didn't have to.

All I have done is link to some items that she released into the public domain on a previous occasion.

Sharing the stupidity of others is a long-lived internet tradition. It's almost adage status; be careful what you post, it may come back to haunt you later. The same is true of this, I suppose.


I really don't think this is appropriate material in the comments of an article about Satoshi Nakamoto. If you want to write an article about the Author's important contribution to the history of Bitcoin which includes her home address, you might have a leg to stand on.


This is awesome news. I hope other vendors follow suit.


It's a little premature to be recommending scrypt. There have been some posts on openwall suggesting it may be weaker than bcrypt, although it is also still a work-in-progress. I'd hold off until it is more battle-hardened before either recommending it or using it.


Link for that? All I find is mentions of its weakness when used with very small amounts of memory (like Litecoin's silly decision to go with 128KB).


Sorry for the late reply, the post I was thinking of (and didn't revise before posting) is http://www.openwall.com/lists/crypt-dev/2012/09/02/1

Search for the word "weaker"


Thanks - that's actually the post I was thinking of. Considering on most modern machines scrypt will likely tune itself to use 512MB, a 1MB buffer's pretty small, but it would be interesting to know where the cutoff for significantly-better-than-bcrypt might be. I expect most sites could throw 16MB at logins without much difficulty (as suggested further in that thread).


So basically a less complete version of https://github.com/leachim6/hello-world

