leigh_t's comments

leigh_t | 11 years ago | on: 3D Printed Sugar

I apologise for my impulsive reply. I should have better discipline (usually I don't reply at all because I know I'm pretty dickish).

This is how the site looks to me: http://s13.postimg.org/uduowd0if/sugar.png

In my opinion this is pretty terrible. We all know the importance of first impressions (case in point, people reading my initial response).

leigh_t | 11 years ago | on: Every C99.php shell is backdoored

> due to a vulnerability in the extract() command

No.

This is due to insane usage of the extract() function. Not a vulnerability with the function itself.

You can pass user-supplied input directly to plenty of other functions which have equally idiotic outcomes; it doesn't mean that they have vulnerabilities, it means the author is a liability.

leigh_t | 11 years ago | on: Everything you need to know about cryptography in 1 hour (2010) [pdf]

It was indeed an excellent course and for any would-be participants I recommend buffing up on discrete mathematics and number theory already if they're not your strong suit.

I found the course pretty hard as a programmer with a strong interest in crypto, but no formal CS/maths background. The coding pieces were fairly straightforward, but the maths hurt.

leigh_t | 12 years ago | on: The Heartbleed Challenge

Please please please email out to past participants when it is available, the first one was amazing amounts of fun.

leigh_t | 12 years ago | on: The Face Behind Bitcoin?

Well there seems to be some misunderstanding about who released what. I have not released anything because I didn't have to.

All I have done is link to some items that she released into the public domain on a previous occasion.

Sharing the stupidity of others is a long-lived internet tradition. It's almost adage status; be careful what you post, it may come back to haunt you later. The same is true of this, I suppose.

leigh_t | 12 years ago | on: The Face Behind Bitcoin?

> This has a tinge of pettiness to it

I don't think it's petty at all to link to publicly available information, when others have requested that information. Google-fu differs between individuals.

I do find it particularly petty that someone would go to great lengths to expose the private details of the life of a man who just wants to be left in peace.

leigh_t | 12 years ago | on: Salted Password Hashing – Doing it Right

It's a little premature to be recommending scrypt. There have been some posts on openwall suggesting it may be weaker than bcrypt, although it is also still a work-in-progress. I'd hold off until it is more battle-hardened before either recommending it or using it.