
Comment Re:So let's change the algorithm. (Score 1) 170

By using this exploit, spammers get additional useful user data: They'll know each user's full name in most cases. They'll know that the user is interested in the site he's commenting on. They'll know what language he speaks. Basically, they can compose much more compelling emails with a higher probability of getting through and even being seen as relevant to the recipient.

Comment Not the algorithm (Score 2, Interesting) 170

This is not related to the MD5 algorithm or use of salts. The fact is that Gravatar wants sites to use Gravatar without sending loads of requests to gravatar.com. Therefore Gravatar must provide a "client-side" API for generating Gravatar avatar URLs based on the known constant, email addresses. Sure, they could have salted things, but whatever they do, there's an essentially open source function somewhere that takes an email address and converts it to a Gravatar URL. As the algorithm is available to anyone, any attack can use it to check intelligent guesses against the known algorithm result.

There really isn't anything Gravatar can do without changing their design to decouple avatar URLs from email addresses. Basically whenever anyone registers an account with a blog, the site would have to ask Gravatar for the user's Gravatar avatar URL -- and probably poll on some regular basis in case users add Gravatar avatars later. The blog would then have to persist this data in their databases for later look-up when comments are viewed. This is certainly possible, and could probably be designed in a way that doesn't add additional load to Gravatar's servers. But compared to the current implementation, which can be added to blogs with very minimal coding (probably just a couple lines in PHP), to do this more safely would require persistence-layer/database schema changes that would severely limit the attractiveness of Gravatar.
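An added example, not part of the comment above and not Gravatar's or any blog's own code: a privacy audit a site operator could run over the avatar identifiers its pages publish, comparing the email-derived hash with the decoupled design the comment describes. `AvatarStore`, `confirmable_addresses` and the addresses are hypothetical; the MD5-of-normalized-address derivation is Gravatar's documented one.

```python
import hashlib
import secrets

GRAVATAR_BASE = "https://www.gravatar.com/avatar/"

def gravatar_hash(email: str) -> str:
    # Documented derivation: MD5 of the trimmed, lower-cased address.
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()

def derived_avatar_url(email: str) -> str:
    # What a blog computes locally today, with no request to gravatar.com.
    return GRAVATAR_BASE + gravatar_hash(email)

class AvatarStore:
    """Hypothetical decoupled design: one random avatar id per account,
    persisted by the site and never computed from the email address."""

    def __init__(self):
        self._ids = {}

    def avatar_id(self, user_id: int) -> str:
        if user_id not in self._ids:
            self._ids[user_id] = secrets.token_hex(16)  # 32 hex chars, like MD5
        return self._ids[user_id]

def confirmable_addresses(published_id: str, candidates: list) -> list:
    # An identifier is linkable if the public derivation reproduces it
    # from an address the auditor already has on file.
    return [c for c in candidates if gravatar_hash(c) == published_id.lower()]

def audit() -> dict:
    # Constructed sample addresses, standing in for the site's own user table.
    candidates = ["alice@example.com", "bob@example.com"]
    derived = gravatar_hash("  Alice@Example.com ")  # as rendered on a comment page
    opaque = AvatarStore().avatar_id(42)             # as rendered under the decoupled design
    return {
        "derived": confirmable_addresses(derived, candidates),
        "opaque": confirmable_addresses(opaque, candidates),
    }

if __name__ == "__main__":
    print(audit())
```

The derived identifier is confirmed against an address on file while the stored random id is not, which is the trade-off the comment weighs against the extra persistence work.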

Comment Re:Have you looked elsewhere ? (Score 1) 325

+1 on $8/hour just being strange. I started out at a $10/hour internship doing computer graphics and Perl programming 12 years ago, then $15/hour doing coding for a GOVERNMENT CONTRACTOR two years later. Now that I work for a "major software company", we'd be caught dead paying interns less than $25/hour because we want them to be happy and come back! This economy is a huge stumbling block, though, so maybe you're lucky with what you get. But at $8/hour I think you're not actually getting an IT position, but a personal assistant position, and you'd probably do well to find other opportunities.

Comment Re:wow, a whole million? (Score 1) 773

I read the article and he's exactly proposing paying off the top 1000 sites. Direct quote: "Would the top 1k most visited sites take a cool $1mm each?" Sure, then he pontificates... what if the top 100k sites also got a cut? But he doesn't suggest anything besides paying off sites, the largest getting nearly $1mm.

Comment Re:Why is public transport still living in stone a (Score 1) 177

Why does everyone talk about encrypting the signals? It's more important to know who is talking than attempting to restrict the list of people who can hear or transmit. Therefore it would make sense to me to sign the transmissions. If there's noise, the signing fails, but you can still use other forms of trust to verify the transmitter. Without significant noise, you have a greater degree of trust -- and with that, people without trust can be ignored.

Comment Re:My statistics (Score 1) 575

That's bizarre. I have no interest in Safari personally, but I'd expect 3-5% Safari unless you have a specific demographic that does not appeal to Apple users. Does your web site tailor to developing countries, for example?

Comment Re:Oh great! (Score 1) 602

You sound like you don't think prison is a punishment. You do realize that inmates lose basically all their freedoms? They're confined to a small space where they cannot leave. They can only talk to the outside world at specific times dictated by them. In higher security prisons, they can't even go to the bathroom without being seen by guards. I would much rather be out in the world working for free.

Comment Re:Clueless (Score 5, Interesting) 414

I'm no PR guy, I'm an engineer. And if I were put into Hugh Griffiths' shoes, I'm not so sure I'd have answered the questions any differently. He knows the product sucks: It's more expensive, non-transferable, and behind the times technically. He's probably IMMENSELY frustrated that they could only release this crap given the building products they have to work with. So, he grits his teeth, does an interview, and does his best to not say anything negative. But you can just tell he's disappointed.

If I were him, actually, I wouldn't have done the interview. That's probably his big mistake.

Comment Re:In the UK, try Cambridge, York, Warwick... (Score 1) 386

I second your recommendation of the University of Manchester. I studied abroad there in 1999, computer science degree. I had the advantage that I took an overload of classes every year at my home university (University of Virginia), so I had a lot of freedom to take non-computer science classes, but I did enjoy taking classes in Optical Computing and Artificial Intelligence. The former was not even taught at my university, which created a problem when it came to transferring credits but with some approvals it was accepted.

What I most liked about the University of Manchester was that I was treated like an ordinary student. Many, many study abroad programs segregate students from abroad into their own dormitories, with their own social events, and often with special classes. This may seem like an advantage, but if you're going to study abroad, it's a shame if you don't experience everything. So while I was a bit homesick and made more American friends than I should have in retrospect, I was constantly around locals -- in classes, in my dorm, in a competitive trampolining team I joined -- learning their culture and experiencing things in a non-American way.

My main recommendation would be to make sure you'll get credits for each course you plan on taking before you get back. But other than that, don't necessarily stick to real "study abroad" programs! Do what you can to get as immersed as you can. In my opinion, it's the immersion that should be highest priority, not necessarily the strength of the computer science program.
