Congratulations to Jeroen, who is the new owner of pastebin.com. Many thanks to everyone who expressed an interest in taking it over.
The site is now running on vastly improved hardware, and I’m sure Jeroen is going to do a fantastic job in taking the idea forward.
You can track future news and updates by following @pastebincom on Twitter.
End of era for me, but I wish Jeroen the very best of luck!
I have a need to shed various side projects to free up my time, so I’m looking for anyone who is interesting in purchasing pastebin.com and developing it further.
I created the site way back in 2002, and it’s more popular now than ever with usage steadily growing. Now is a great to time to hand over to someone who can develop the idea further – something I’ve struggled to find the time to do.
Don’t delay though, as some good offers have already been made. Watch this space for more news.
(Edit – sold!)
If you’ve ever worked on localizing an application or website, you may be familiar with the .po files used with GNU gettext and compatible tools.
I’ve written a script which can take a .po file and translate any untranslated strings with Google Translate. This may not be a ‘release quality’ translation, but does speed up the job of a real translator, who can simply proof read and correct the machine-translated entries.
See it in action here: http://pepipopum.dixo.net
I’ve released the source under the Affero GPL too, so you can tweak or host it yourself. The version hosted above does have a one second delay between translations, so if you want to go faster you’re encouraged to do exactly that!
Hope someone else finds it useful.
In the past few days, pastebin.com has been cited in a wide variety of high-profile news sources regarding a “leak” of email account passwords.
This brought a huge surge in visitors, and ensuring I kept the server functioning took up all my available spare time. I wrote a short blog entry which attracted a lot of comments. Things are a little calmer now, so I’m writing this longer post to explain what happened.
Microsoft investigated and have frozen the affected accounts on their systems and if you find yourself locked out of your account, fill out their recovery form to regain control.
Aside from that, if you’ve ever entered your email login details into anything but your providers web page, then I recommend you change your password. It’s likely that the leaked list came from a much larger set – just seeing the published isn’t enough to be sure your details have not been compromised.
So, even if you are just a bit concerned, just change your password. Go on. I’ll wait.
All done? Now read on for the gory details….
…some unknown bad guys start collecting email addresses and passwords.
We can be pretty sure that they didn’t “hack into” Microsoft or any other major email provider to obtain the passwords. These companies should not actually store your password, they just store a fingerprint of it (what developers call a cryptographic hash).
To extend this analogy to the real world: if you emailed me your fingerprint, I couldn’t tell what you looked like, i.e. I could not reconstruct you just from that fingerprint. However, I could verify your identity if I met you by taking your fingerprint and comparing to the one I had stored.
So, when you log in and send your password, they take the fingerprint of what you entered, and compare with the fingerprint stored in their database.
The most likely, and perhaps surprising, answer is that they simply asked the users for them. For example, they could create an authentic, safe looking site which promises to tell you who has blocked you on MSN Chat – all you need to do is enter your MSN account details.
Some researchers have also suggested the details were harvested by infecting PCs with keylogging software.
For reasons unknown, our miscreants post a set of hotmail addresses and passwords on the pastebin.com website.
A sharp eyed user spotted the posting, or found it via a Google search, and it reached the attention of a tech news blog called Neowin.
If users spot a post which appears not to belong on pastebin, they can flag it for attention. I check these flagged posts daily, and it’s a very rapid and streamlined process:
The software presents me the first 10 lines of the post, together with a link I can click if I think the post should be deleted. Generally it’s pretty easy to determine if something doesn’t belong, and a list of email addresses and passwords is obviously not going to make the cut.
So, someone spotted the post and flagged it. The next morning, Oct 4th, at 07:29 I saw the first 10 lines, and deleted the post in a heartbeat before realising the true scale of the list which subsequently caught media attention.
After Neowin posted their article on October 5th, interest in the story steadily grew.
I was up early on that day to check on the traffic and see if any special action would be needed. Having read the growing number of news articles I took the following action
Traffic levels were so high that the search was running at a crawl, so I closed the site so the cleanup would complete, and left for my office.
I reopened the site late afternoon UK time, and continue to monitor the traffic to ensure it remained as usable as possible.
Let me abuse Pulp Fiction for a moment:
Now, if it happens again, I may act differently. Security professionals at some large companies have expressed interest in helping their users if such a list could be made available to them. I’m more interested in enhancing the content filters on pastebin to ensure that text that looks like a list of email addresses is simply rejected.
Even if your email address wasn’t on the list, if you think you’re the kind of person who is prone to phishing scams, just change your password. If you didn’t understand that last sentence, just change your password.
The published list was likely much larger, since it seems it was alphabetically ordered and only got as far as ‘b’. Having possession of that list will not help you determine if your address has been not been compromised.
Sure! As long as it’s not “is my address on the list?”
It seems that a list of 10,000 Hotmail usernames and passwords has been posted on pastebin.com in recent days.
Pastebin was created as a tool to aid software development, not to distribute this sort of material.
As a result of the interest this story is generating, pastebin.com is experiencing huge levels of activity – as a result I took it offline to ensure all the offending material has been removed, and have adjusted the abuse filters prevent re-occurence.
Edit: please don’t ask if you name was on the list. I have no way of knowing. Just change your password.
Edit #2: things have calmed down now, and I’ve written a longer post about the incident here.
I’ve had a DMCA takedown request sent in relation to a pastebin post containing the signing keys for a range of Texas Instruments calculators which, if I understand correctly, allow you to digitally sign a replacement operating system so that the hardware will accept it.
If you buy a piece of hardware, I firmly believe you should be able to do whatever you like with it, and people installing their own operating systems and *improving the damn product* is something TI should be happy about.
There’s a blog over at http://brandonw.net/ which is enthusiastic about this sort thing, and you can read wide and varied discussion about the issue on SlashDot too. (Edit: on 23rd Sep The Register weighed in with this article)
So, here is the DMCA takedown request Texas Instruments sent to me:
September 17, 2009
To Whom It May Concern:
Re: Illegal Offering of Material to Circumvent TI Copyright Protections
VIA: report abuse at pasetebin.comIt has come to our attention that the web site http://pastebin.com/f23af06b7, contains material and/or links to material that violate the anti-circumvention provisions of the Digital Millennium Copyright Act (“DMCA”). This letter is to notify you, in accordance with the provisions of the DMCA, of these unlawful activities. Pursuant to the safe harbor provisions of the DMCA, we request that you remove any whole or partial reproductions of and/or disable links to the following:
The post located on http://pastebin.com/f23af06b7
Texas Instruments Incorporated (“TI”) owns the copyright in the TI-83 Plus, TI84 Plus and TI-89 operating system software. The TI-83 Plus, TI-84 Plus and TI-89 operating systems use encryption to effectively control access to the operating system code and to protect its rights as a copyright owner in that code. Any unauthorized use of these files is strictly prohibited.
http://pastebin.com/f23af06b7 is distributing or providing links to information that bypasses TI’s anti-circumvention technology. By providing copies of or offering links to such information, http://pastebin.com/f23af06b7 has violated the anti-circumvention provisions of the DMCA at 17 U.S.C. §§ 1201(a)(2) and 1201(b)(1).
Please confirm to the undersigned in writing no later than noon on September 18, 2009 that you have complied with these demands. You may reach the undersigned by telephone at (xxx) xxx-xxxx or by email at xxxxxx@ti.com. TI reserves all further rights and remedies with respect to this matter.
I hereby confirm that I have a good faith belief that use of the Illegal Material in the manner complained of in this letter is not authorized by the copyright owner, its agent, or the law, that the information in this letter is accurate, and that, under penalty of perjury, I am authorized to act on behalf of TI, the owner of the exclusive rights in the TI-83 Plus, TI-84 Plus and TI-89 operating system software that are allegedly misappropriated using unlawful methods.
Texas Instruments IncorporatedXXX XXXXXX
Manager, Business Services
Education Technology Group
I live in the UK, and pastebin.com is hosted in the UK, so hitting me with a DMCA takedown request is rather pointless. However, I do remove copyrighted content on request, so much as it pains me to do so, I’ve deleted that post for now.
It’s no biggie, if you want the keys, just check wikileaks or do a Google search for 82EF4009ED7CAC2A5EE12B5F8E8AD9A0. That’s just a long hexadecimal number. Pretty sure I’m free to express that number in any form I like.
Can you say “Streisand Effect”?
Edit: Interesting post here on dealing with these TI DMCA notices. Persoanlly, I’m not interested in fighting to keep the post on pastebin.com as it is widely available elsewhere. I have a copy of the keys should I ever wish to actively distribute them though…
Edit#2, Oct 14th 2009: The Electronic Frontier Foundation have written the following about this issue: EFF Warns Texas Instruments to Stop Harassing Calculator Hobbyists.
I run pastebin.com, and maintain it daily. I check for abuses of the service, block IP addresses of serial offenders and try to ensure it provides a speedy and useful service.
I make the software available for others to use and improve upon too.
pastebin.org is one such site, but I’m starting to get emails from people who’ve used that site and are now infected with the Win32/Alureo trojan virus. In addition, the site seems to have been compromised in other ways, with extra advertising banners and popups.
I’m not responsible for that site. I’ve tried to make contact with the registrant listed in whois records, but not had a response.
The moral of the story: if you want to stay safe, stick with pastebin.com!
Last October I found a bug in PHP’s SOAP module. It was pretty obscure bug in the way PHP used Digest authentication. As it was a showstopper for me, I submitted a bug report and wrote a patch to fix it.
It took a while, but my patch has finally been merged into the 5.* and 6.0 sources!
I’ve been using PHP for ten years, and so it’s perhaps a little surprising it’s taken me this long to give anything back. Truth is, this was the first time I’ve come across a bug which halted my development work.
It’s a tiny fix, 6 lines of code, but it makes me happy that after all this time, finally, there’s a bit of me in PHP! Hurrah for open source software!
Geograph.org.uk has been offline all day, there seems to be a problem with a router which connects the Geograph servers with the rest of the Internet.
At the moment we don’t have a definite ETA but I think it could be Monday before we get this resolved. Enjoy the excellent bank holiday weekend weather!
Edit: We’re back! As suspected it was a router issue, our thanks to the sterling folk at Fubra who resolved this late on Sunday night.
Edit #2: …and on Thursday morning it seems we’re down again. Seems to be the same issue, should not be down for long….
Edit #3: We’re not having a good week. An entirely unrelated issue has brought the site offline again on Monday 1st June. This one is within our control but proving tricky to fix….
Edit #4:Our hosting provider have provided a full account of the network problems experienced in the past week, largely due to a complex sequence of upgrades. It seems we should now be entering a period of calm and unparalleled uptime! Touch wood…
If you’re documenting your classes with Doxygen tags you might be wondering if you can use that help inside QtCreator and get those F1 tooltips whenever you hover a documented class or method.
I wondered the same thing, and it turns out Doxygen needed a little tweaking to make it work. Karsten Heimrich at Nokia rather kindly wrote a patch which will eventually make it into Doxygen, but if you have burning desire to try this, here’s what you do….
Once I hear that Doxygen includes this patch I’ll remove this section – so if you’re reading this, you probably need to patch. So, lets grab the latest sources and apply the patch.
svn co https://doxygen.svn.sourceforge.net/svnroot/doxygen/trunk doxygen-svn
cd doxygen-svn/src
wget -O doxygen.diff http://blog.dixo.net/doxygen.diff
patch < doxygen.diff
cd ..
Then configure and build doxygen with any options you might need. Most people should be able to simply do this
./configure
make
make install
You should how have the patched doxygen in /usr/local/bin.
There are some Qt Labs posts on generating Qt Help from Doxygen, but here's a quick run through:
To generate a Qt .qch file you'll need the following entries in your doxygen configuration file
GENERATE_QHP = YES
QCH_FILE = /path/to/output/helpfile.qch
QHP_NAMESPACE = com.yourdomain.subdomain
QHP_VIRTUAL_FOLDER = yourfolder
QHG_LOCATION = /your/path/to/qt/bin/qhelpgenerator
Run patched doxygen and you should end up with a .qch file in the filename given by the QCH_FILE option. Almost done!
That's it! Now hover the mouse over one of your documented classes and you should get a tooltip suggesting you press F1.
Documentation nirvana! Again, my thanks to Karsten Heimrich for writing the patch, hope someone else finds this useful!
Other blog posts I've found interesting recently...
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Feb | ||||||
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 | 31 | ||||