Forgot your password?
typodupeerror

Comment: did you think of... (Score 1) 345

by sithlord2 (#42276495) Attached to: Hotmail & Yahoo Mail Using Secret Domain Blacklist

- Implementing DKIM?
- Implementing SPF?
- Make sure the sender address doesn't bounce?
- Make sure you don't open thousands of connections to the receiving party for each recipient ? (in case of yahoo, hotmail, gmail, ...)
- The contents of the e-mail is not considered spam? (provide unsubscibe link, no big images included, etc...)


Setting up a mass-mail infrastructure is not to be taken lightly. There are lots of reasons why you could be listed as a spammer. That's why most companies outsource their their mass-mailing to 3rd parties like MailJet, MailChimp, SendGrid...

Comment: Re:Micro-ISVs (Score 1) 141

by sithlord2 (#41824619) Attached to: Poor SSL Implementations Leave Many Android Apps Vulnerable
Okay listen... Starting a business costs money... a lot of money. If you don't have the funds to overcome a year without income, you shouldn't be starting a business in the first place. If you are out of a job, I hope you saved money when you still had a job.

And read the second part of my sentence: involving investors. Maybe you can convince former businesspartners to invest in your company? Or maybe contact an ex-colleague who happens to be out of a job too?

You may not like the truth, but that doesn't change the fact that starting a business costs money. I considered the same thing when I was unemployed, and I almost started one too. But I took a look at the worst-case scenario (giving my current financial status at that time), and I realized that things could get very ugly if I didn't start making profit after the first 6 months. That's quite a short period, and given the economy at that time, I was not sure that would be the case. So, yeah, I know what you are going through. Ofcourse, if you already have an interested customer who's willing to spent his money on you for a year, than I guess you can take the risk.

You can also try to do some freelance consulting (team up with some big consulting companies if you have to). It allows you to make money, and gives you the freedom to start your company when your finances are looking better. Most IT freelancing jobs don't require a big investment (laptop+office suite software+some bookkeeping stuff). That's how Joel Spolsky of Fog Creek Software started his company, I believe... (do consulting to bring in the money, while working on his software product)

Comment: Re:Micro-ISVs (Score 1) 141

by sithlord2 (#41715443) Attached to: Poor SSL Implementations Leave Many Android Apps Vulnerable
By making sure you already have enough money to start your own business. Create a business-plan, and take all those costs into account already. Make sure you have enough cash for your initial investments + cover your costs for the first year at least. Let an accountant check that business-plan too, to make sure it's actually feasable.

Most ISV's don't do this...

Most ISV's fail because they don't do this...!!

Comment: Re:In the 1990s, certs were expensive and IPs chea (Score 1) 141

by sithlord2 (#41715221) Attached to: Poor SSL Implementations Leave Many Android Apps Vulnerable
I run it on my own VPS, which has a dedicated fixed IP address. I'm not saying my set-up is perfect. But a signed certificate + validation of the entire CA chain already solves a lot of issues.
And I don't SNI because I only have one hostname.

Look, we can discuss this as much as you want, but it doesn't change the fact that self-signed certs are simply "not-done" in a production-environment. As soon as I encounter an unsigned or expired certificate in a product, I just don't trust that product anymore. And I'm sure I'm not the only one...

Comment: Re:A lot of apps use SSL (Score 1) 141

by sithlord2 (#41715177) Attached to: Poor SSL Implementations Leave Many Android Apps Vulnerable

Really? I had to verify by e-mail, sms, and phone for my cheap cert. If you can get a valid signed certificate for my domain at that price without my approval, please contact me. I'm eager to test this. But somehow I doubt that any cheap ssl registrar will issue a signed certificate without at least an email verification of the domain-holder himself. But feel free to prove me wrong.

Nevertheless a signed certificate protects you against 95% of all MTM attacks.

panic: kernel trap (ignored)

Working...