
While you're right that all CAPTCHAs are annoying, the CAPTCHA ads are a whole different level of annoying. I think you'd lose more goodwill than you'd gain in money from doing this.


Depends. I believe it will depend on what the user has to type.


I disagree. I'd find an ad in my CAPTCHA to be sleazy regardless of what I had to type. It's a bad idea, full stop.


Agreed. So much of making things easy for the user is sticking to convention and giving them what they expect to see.

I think most places use the "Forgot Password" link now so I think most people come to expect it. I know I would.



If I wanted to try this on a PC does anyone know of a good indexing app for Windows 7?


Windows 7 comes with Windows Search as part of the system, and it indexes PDFs and is excellent (unlike the prior iterations of Windows Search/Indexing Service).


The ScanSnap Organizer that comes with the ScanSnap is actually pretty good. Other than that, Windows 7 will index OCR'ed PDFs so you could do the same sort of thing as the article without needing "extra" software.


You rock. This weekend I was planning to start evaluating A/B testing frameworks for my ASP.NET-based travel site. I was really hoping I could find something like Patrick's framework and here it just dropped in my lap.

Thanks for releasing this. I'll let you know how it goes. HN delivers again!


Who's writing recommendations that say "switching ciphers fixes the problem"?

Visual Studio Magazine [1].

I've enjoyed reading all your comments on this thread. You clearly know your stuff. Based upon what you've seen so far and what you know about the ASP.NET framework, do you see any way around this short of some patch from Microsoft?

[1] - http://visualstudiomagazine.com/articles/2010/09/14/aspnet-s...


The funny part about this story is that Thai's video (of him breaking DotNetNuke) breaks a 3DES key. The great thing about CBC padding and bitflips is that it's inherent to the block cipher mode; switch to DES-EDE, MARS, Twofish, or Serpent and you still have the same vulnerability. You don't even need to know how the algorithm is implemented! The same exploit will work, regardless of the underlying exploit.

You gotta love crypto.


Underlying cipher, sorry.


Then you should gently persuade them away from JavaServer Faces and Rails too. The same vulnerability exists in both.


No, Rails encrypts then signs, which means it verifies HMAC before it CBC-decrypts the message. It isn't vulnerable to this attack. What led you to say that it was?

JSF was vulnerable to this attack; Thai and Juliano, the researchers that other HN users are trashing on this thread, also found that flaw as well. I have to assume it's been fixed by now.


What led you to say that it was?

Section 5.1 of this whitepaper[1] by Rizzo and Duong, that lists Ruby on Rails as one of the web frameworks vulnerable to this attack.

Granted, this paper was published in May, and I'm not a Rails guy, so it's quite possible this has been patched as well.

[1] http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf


Their comment about MessageEncryptor is accurate, but I don't believe the bare #encrypt (which could create a vulnerability if exceptions weren't laundered) is used anywhere. Rails sessions are encrypted and then HMAC'd. This pattern isn't susceptible to padding side channels.
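The encrypt-then-HMAC ordering described in this thread, as an added example (not Rails' own MessageEncryptor code; module and method names are hypothetical). The point it shows is that the MAC check happens first, so a message whose ciphertext was modified is rejected before CBC decryption ever runs and no padding error can surface:

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical encrypt-then-MAC helper, in the order the comment above
# describes for Rails sessions: AES-256-CBC encrypt, then HMAC-SHA256
# over IV || ciphertext.  Message layout: IV(16) || CT || TAG(32).
module EncryptThenMac
  CIPHER  = 'aes-256-cbc'
  IV_LEN  = 16
  TAG_LEN = 32

  def self.encrypt(plaintext, enc_key, mac_key)
    cipher = OpenSSL::Cipher.new(CIPHER).encrypt
    cipher.key = enc_key
    iv = cipher.random_iv                      # sets and returns a fresh IV
    ct = cipher.update(plaintext) + cipher.final   # plaintext must be non-empty
    body = iv + ct
    body + OpenSSL::HMAC.digest('SHA256', mac_key, body)
  end

  # Returns the plaintext, or nil for any bad message.  The tag is verified
  # before decryption, so a tampered ciphertext never reaches the CBC
  # unpadding step; every rejection takes the same path.
  def self.decrypt(message, enc_key, mac_key)
    return nil if message.bytesize < IV_LEN + 16 + TAG_LEN
    body = message.byteslice(0, message.bytesize - TAG_LEN)
    tag  = message.byteslice(-TAG_LEN, TAG_LEN)
    return nil unless constant_time_equal?(OpenSSL::HMAC.digest('SHA256', mac_key, body), tag)
    cipher = OpenSSL::Cipher.new(CIPHER).decrypt
    cipher.key = enc_key
    cipher.iv  = body.byteslice(0, IV_LEN)
    cipher.update(body.byteslice(IV_LEN..-1)) + cipher.final
  rescue OpenSSL::Cipher::CipherError
    nil   # same answer as a MAC failure, so nothing distinguishes the two
  end

  # Length check plus OR-accumulated XOR: no early exit on the first mismatch.
  def self.constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if $PROGRAM_NAME == __FILE__
  ek, mk = SecureRandom.random_bytes(32), SecureRandom.random_bytes(32)
  msg = EncryptThenMac.encrypt('user_id=42', ek, mk)   # constructed sample
  bad = msg.dup; bad.setbyte(IV_LEN = 16, bad.getbyte(16) ^ 0x01)  # flip one CT byte
  puts EncryptThenMac.decrypt(msg, ek, mk).inspect     # "user_id=42"
  puts EncryptThenMac.decrypt(bad, ek, mk).inspect     # nil, MAC rejected first
end
```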



I believe that's an older white paper.


LicketyTrip just moved from an 8-year-old, colo'd, dual P3 PowerEdge - yah, I said P3 :) - to a large Windows 2008 instance on EC2. I've been very happy with the results.


Has anyone here used Image Juicer?

It looks interesting but I found the documentation page to be pretty lacking. The simple example they show just allows you to pass a height and width parameter, but the home page says you can do cropping, watermarking, etc.


From their site:

You can pass other info in the outputs hashes, like labels, your own ids, or whatever. That extra info will be passed back to you in the response JSON.

So I assume it is a case of emailing them and asking for an exhaustive list of what can be passed to their API; the documentation definitely needs work.

