
Comment: Could happen to almost any site or cloud service (Score 1) 182

by Cato (#39071743) Attached to: JotForm.com Gets Shut Down SOPA-Style

It's not uncommon for sites to get hacked (one every 3.5 seconds is the current rate), and in some cases this is so they can host a phishing form (which is why the US government took down JotForm.com).

Given this draconian approach to removing some phishing forms, and given that it's tough to completely stop hackers, it's clear that this could happen to any site, or to cloud services that host your content under a shared domain (maybe even Tumblr or Pinterest).

The only protection is not to host sites with US-based registrars.

I would hope that EU-based registrars for .com etc. should be safer from this sort of action - can anyone confirm? Failing that, you could go for a country domain.

Comment: Re:Storing passwords (not as easy as you think) (Score 1) 122

by Cato (#38769170) Attached to: Zappos Hacked: Internal Systems Breached

I did read the article, although quickly, and I wasn't very impressed with it. See http://slashdot.org/comments.pl?sid=2622556&cid=38711478 for some of the errors. The mention of GPUs is really irrelevant to security, and most useful for crackers.

By "standard library" I really mean something like phpass that is written by developers who are highly security-aware. PHP's built in libraries probably don't qualify on that score.

phpass will work on almost any version of PHP, and can use MD5 or SHA1 if that's what's available.

Password stretching: the article's point about iterating 1000 times creating 1000 times the collisions is theoretical, as there are ways of implementing stretching that don't have this problem - see http://en.wikipedia.org/wiki/Key_stretching for non-collision-prone stretching options.

There are many web hosts still using PHP 5.1 or 5.2 - requiring a recent PHP 5.3 isn't really a solution for many people.

Comment: Re:Storing passwords (not as easy as you think) (Score 4, Interesting) 122

by Cato (#38711330) Attached to: Zappos Hacked: Internal Systems Breached

Mod parent up, the article is quite good.

A more general and simpler answer though is to *always use a standard library* - see http://stackoverflow.com/questions/1581610/how-can-i-store-my-users-passwords-safely/1581919#1581919 for a good answer.

Also ensure that your password storage is one-way hashed, and *salted* with a random salt (different per user) and uses *password stretching* (i.e. iterates the hashing function thousands of times to make brute forcing much more expensive). See http://slashdot.org/comments.pl?sid=1987632&cid=35150388 for more on password stretching including phpass, the gold-standard library for PHP used by WordPress, Drupal, etc.

Most importantly, never write your own password storage - you are virtually guaranteed to get it wrong. Apart from the above issues, what about timing attacks? (Zend has an article about this from a PHP perspective.)
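As an added illustration of the three properties the two password-storage comments above insist on (one-way hash, random per-user salt, stretching) plus constant-time comparison against timing attacks, here is a small Python example. It is not phpass and not code from the original comments; it uses PBKDF2-HMAC-SHA256 from the standard library as one of the non-collision-prone stretching constructions the comment links to, and the storage format, iteration count and function names are this example's own assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example (not from the original comments):
# PBKDF2-HMAC-SHA256, 16-byte random salt per user, 100,000 iterations.
HASH_NAME = "sha256"
SALT_BYTES = 16
ITERATIONS = 100_000
DK_LEN = 32  # derived key length in bytes


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash.

    A fresh random salt per call means two users with the same password
    get different records, so a precomputed table is useless against them.
    The iteration count is stored alongside so it can be raised later.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt,
                             iterations, dklen=DK_LEN)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored salt/iterations and compare.

    hmac.compare_digest runs in time independent of where the first
    differing byte is, which is the timing-attack point the comment raises.
    """
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
        if not algo.startswith("pbkdf2_"):
            return False
        hash_name = algo[len("pbkdf2_"):]
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
        candidate = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"),
                                        salt, int(iters), dklen=len(expected))
    except ValueError:
        # Malformed record: treat as a failed login rather than crashing.
        return False
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, min_iterations: int = ITERATIONS) -> bool:
    """True if a record was made with fewer iterations than current policy.

    Call this after a successful login and re-hash with the plaintext you
    have in hand; that is how stretching cost is raised as hardware gets faster.
    """
    try:
        _algo, iters, _salt_hex, _dk_hex = stored.split("$")
        return int(iters) < min_iterations
    except ValueError:
        return True


def same_password_hashes_differ(password: str) -> bool:
    """Demonstrates the per-user salt: identical passwords, distinct records."""
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("good password accepted:", verify_password("correct horse battery staple", record))
    print("bad password rejected:", not verify_password("tr0ub4dor&3", record))
    print("salt makes records differ:", same_password_hashes_differ("hunter2"))
```

The record carries its own parameters, so a deployment can move from a lower iteration count to a higher one transparently on each user's next successful login instead of forcing a password reset.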

Comment: Re:Listed mitigation: Adobe Reader X Protected Mod (Score 1) 236

by Cato (#38324360) Attached to: Adobe Warns of Critical Zero Day Vulnerability

Unfortunately I need Adobe on my work PC to enable comments - don't think Foxit handles this. Foxit 5.0 was a bit crap (broke in some ways) but 5.1 is better.

Thanks for the pointer to Okular, this might be a good option on Windows. Included in the KDE for Windows installer: http://windows.kde.org/download.php

Comment: Okular for PDF and XPS on Windows (Score 1) 236

by Cato (#38324354) Attached to: Adobe Warns of Critical Zero Day Vulnerability

Mod parent up - Okular looks like a really good option for Windows covering PDF, XPS, ePub, Mobipocket, CHM, etc. Rather a large download if it's your first KDE app on Windows (80 MB to download, 200 MB installed), but disk space isn't expensive these days and other KDE apps will be small downloads. There is even a standard Windows-style installer.

Comment: Broken on XP for me (Score 1) 154

by Cato (#38324314) Attached to: Google Demonstrates Chrome Native Client With Bastion

Unfortunately I get the message "requires an OpenGL card" on Windows XP SP3 with an NVidia GTX260, which definitely has working OpenGL. I've seen reports of this problem on MacOS too.

Hope Supergiant Games can fix this - since this is a web-delivered application, I'd hope they can grab hardware/OS details, with user permission, to help in resolving the issue.

Comment: Re:Benefits and drawbacks (Score 1) 627

by Cato (#38278974) Attached to: Using a Tablet As Your Primary Computer

I do use Ubuntu at home so I'm aware of the apps available, which are mostly the same as Debian, and about 30,000 in total: http://en.wikipedia.org/wiki/Debian#cite_note-14

However there are now over 100,000 iPad apps (see http://socialtimes.com/iphone-ipad-available-app-count-around-400000-now_b65291 ) - some of them will be junk, but judging by what's on the iPhone there are many useful apps, games and other content (videos, magazines, newspapers) that aren't on Debian/Ubuntu.

It all depends what you consider useful of course - if you want scripting, software development, servers, and an open desktop, Debian is more useful. If you want games, productivity apps, multimedia, etc, an iPad is more useful.

Comment: Benefits and drawbacks (Score 1) 627

by Cato (#38265364) Attached to: Using a Tablet As Your Primary Computer

Some of the benefits come from battery life - an iPad is ARM based but unlike ARM netbooks has a huge base of applications. Some other benefits seem to come from the lack of 'computer admin' and the full-screen model.

One big downside of an iPad would be the lack of a shared filesystem, particularly when using multiple apps to make use of a larger app such as Photoshop. This is unlikely to change, which is why people end up using Dropbox as a shared filesystem, though not every app supports it.

Comment: Re:main problem is backhaul (Score 1) 100

by Cato (#38085776) Attached to: BT Fiber Infrastructure Plans 'Fatal' To Competition

Virgin is really no more of a "fibre network" than BT's FTTC (Infinity) - they use Hybrid Fibre Coax (HFC) like every other cable operator, so the fibre turns into coax between the Virgin building and the customer premises (hence the Hybrid).

Of course Virgin like to lie about this in their marketing and claim they are all fibre...
