Related
Ok. Short story of what I want to do and why.
I am a developer and I feel that I don't contribute enough to this fantastic site and its users. After the recent unpleasantness I went away and thought about what it is that I could do to try and fix this. My idea is a site or section of the wiki built specifically to track bugs and issues in new roms (I was specifically thinking WMXL but there is no reason this can't be used for all of them).
I am currently working on my own XML based site with PHP5 driving and if people think it will be useful I'd write and host this service before I continued with my own site (hopefully before WMXL 0.30 is released).
I want to try and restrict the way people enter and search the information relating to problems with new roms and try to cut out the background noise. I was thinking about having fields such as ROM version (drop down list), radio version (text box), boot loader (drop down list), main program affected (text box), extent of interference (drop down list), description of problem (text area), how to reproduce error (mandatory text area!).
This will hopefully encourage more people to think about what might be causing the problem rather than just posting what they cant do and expecting someone else to work everything out. Forcing a description of how to recreate the problem will hopefully find most users not needing to post after they work it out, and if the recreation steps dont work then the post will be closed. Hopefully people will think enough that I will be able to moderate this forum (type thing) myself and maybe someone in another timezone (closer to the UK) can take care of it while im asleep.
No one can stop n00bs posting silly questions but hopefully we can reduce the amount this annoys everyone else.
Sorry it took so long to describe my idea.
Maz
UPDATE: STARTED!
I got started as soon as I'd got a couple of replies but I still need you all.
For the chef's and other brilliant people:
1. What info do you need with each ticket to try solve them?
2. Do you want to be the only one to close tickets? Or should the submitter be able to?
3. What info do you want to store for the roms to filter to the smallest pool of specific tickets?
For the users:
1. How do you want to be able to search this?
I DON'T ASK FOR DONATIONS! ALL I ASK IS THAT PEOPLE SEARCH BEFORE SUBMITTING!
---------------
http://maz.net.au/
Bugzilla? yes please
This is a very good idea. In fact, I think that we need too a place to store the temporary fixes generated after each ROM publishing. It will be a good place for this too.
Good Idea.
It Would Help A Lot, Sounds Like Finding Answers Would Be Easier And Should Cut Down On The Hostile Atmosphere.
Cheers
Yes, very good idea.
This become easyest forum for everyone.
If it would be of any use, i can host this on one of our UK servers so we get very good speeds? I know 'iammaz' has said he can host it but he is in Australia so for the UK guys it might be a tad slow.
If not then no worries, but just trying to do my bit!
jaso2005 said:
If it would be of any use, i can host this on one of our UK servers so we get very good speeds? I know 'iammaz' has said he can host it but he is in Australia so for the UK guys it might be a tad slow.
If not then no worries, but just trying to do my bit!
Click to expand...
Click to collapse
Cheers and I'm sure everyone appreciates the offer. My site is hosted in the US. At the moment this is being built as a module to my current CMS. Whether or not this adds too much overhead I won't know until I try. The problem will be if I use too much cpu time im sure it's against the ToS with my hosting company and they will shut me down.
I hope that I will have it built as a stand alone object by then and anyone else can take this and run this on php5 hosting or in fact I could run it as web services from my personal server at home.
Progress goes well. Just working on possible searching and indexing algorithms to make searching fast and useful.
Maz
-------------------
I can't believe I forget to type this.
http://maz.net.au/
Great idea
It's 2am. I'm piking for the night. I'm expecting a phone call at 7am tomorrow so will be back into it then for 5 or 6 hours. Hopefully will be almost done by the end of that.
I need to work out how you want to have logins work. I don't think i can make it authenticate against this forum (i havent tried integrating with vBulletin before). Do I allow open registration? do I try make it force you to register the same name but PM'ing the password to that username here? do i manually add people as they ask and restrict the group?
let me know in the next 6 hours or so.
Maz
----------------------
Badly styled CMS can be seen here. (new version looks so much better )
http://maz.net.au/
Open registration, but obviously grant privileges to those of us who classify as developers.
Olipro said:
Open registration, but obviously grant privileges to those of us who classify as developers.
Click to expand...
Click to collapse
And super-user privileges for the chef's for bug tickets that apply to their cooked roms.
Maz
----------------
hard at work again at http://maz.net.au/
I downloaded somewhere some image sizes - below are two. I am not too sure which one I downloaded these for / from. But can these icon information be used for Windows Mobile 7, Android, and iPad / iPhone?
From what I think I remember speaking with one developer helping him with testing his game, I think he said it was $99.00 a year for 100 applications. If I only wanted to submit one (free) application, would it be better to find someone that already has the feature to develop this application? The application is very small - mainly to read one specific RSS feed.
Hey
the developer account costs are not connected to the image license price. If you want to submit a WP7 app to the marketplace, you have to own a developer account, that costs $99/year. But this price does not grant the permission to use these pictures. You have to ask the creator whether you're allowed to use them.
Regards
Chris
Thanks - sorry I did not mean to imply I would use these images, I just did not know if it was these image (sizes / quality) that was needed.
If the developer has an account though and he develops the app that I need, can he use that account to upload the app?
Hey
For the licensing procedure and requirements you should visit this link:
http://msdn.microsoft.com/en-us/library/hh184843(v=VS.92).aspx
But I don't get your question. If you're asking wheter you could have another developer programming and submitting the application you need the answer is yes. Every developer that has an account can send apps in. You just have to find someone that wants to create your application. Another possibility would be to program your app yourself and send the compiled version to a developer, so that he can pass it to the WP marketplace...
Regards
Chris
If you need an app built for something easy like an RSS feed, check this thread:
http://forum.xda-developers.com/showthread.php?t=941248
it discusses a build your own app website.
http://thirdlabs.com/
I have never used it and have no afiliation with the site, but it looks easy enough...
Anywho, once the app is made, you can
sideload it (if you're unlocked)
pay for a dev account and submit it ($99 a year)
try to get a free student account and submit it (see here )
find someone with a dev account that will submit it for you
good luck
Thanks for the links! I have run into the RSS feed link - but it was not that site.
Yes, Chris - that answers that question. I thought as much but wanted to make sure. (Sorry it is difficult for me to sometimes get my point across due to my health).
Hello everyone! I am the developer of Prepay Widget, a powerful app that allows you to monitor your account balance through USSD requests.
You can find more info about USSD on Wikipedia, but basically these are short, SMS-like messages used by most GSM and some CDMA providers to deliver information
or control account services. The actual information comes to you in the form of popup toasts, which thids app hides and parses into widgets.
You can find the apps landing page on XDA at the following thread:
http://forum.xda-developers.com/showthread.php?p=12348102
However, i want to stress that its important that we get some device-specific feedback, so please post in this thread if you have issues,
this helps me keep track of bugs and requests better.
You can use the Lite version of the app - it has all the functionality of the full version apart from automatic updates (not really that important imo).
As I haven't got one of these phones in my pocket, I need some testers to track down problems. Please, use this thread to comment or
suggest features. It is my belief that addressing issues is best done individually by phone, so if something doesn't work, let me know and I will fix it ASAP.
Market link:
https://market.android.com/details?id=fahrbot.apps.ussd.widget.lite
Debugging:
Please use the "Write to developer" item in the Settings menu to send logs. Enable debugging, reproduce your error and then send the logs.
Make sure you include a description - the more detailed the description the better.
Screens:
beautiful app idea. how does this work ?
It uses free USSD request. Numbers like *100#...
hmnn.. it seems that it wont be able to update on Optus Australia. As you need to send sms to 9999 for usage details ! do you have anything similar to implemented in this or just the USSD commands ?
This is a great idea, i could have used something like this when i was on pay as you go. Nice work!
Ok the widget appearing is blank ? Is this normal i am using it with a USSD command on another phone with which the network supports.
Which phone? This is just the kind of issue i want to fix!
European SGS2 Stock XWKF3 rooted, blank too. (tested on free version)
Are you sure you got a ussd reply?
Yes I'm sure, I received the reply, made 2 indicators and I'm viewing the differences (green/red) between two calls.
Please send a log using Write to developer in Settings. Don't forget to add a description as the logs can be deceptively empty.
is it internationally?
You just need to know the codes for your operator ...
I have updated the app - please let me know if this fixes your issues!
Fixed all issues for me. Got the full version... great app!
Works great now, thanks, buying the full too.
Great! If you have suggestions, do let me know.
Hi guys. Im back to bother you about stability
Any issues to report before we start working on a new build?
Working great here, thanks.
Any issues? Suggestions?
Hi there,
I have my own domain name. When signing up to websites, such as xda-developers, I use that site name as the to address for my domain name ie, [email protected]
This morning, I've received a spam email with subject "Subject [EN]Diablo III Account Locked - Action Required" to my xdadevelopers address at my domain.
Has there been a database compromise perchance? I've had a search through the forums here and don't see anyone else that has mentioned it as yet. The spam arrived about 3 hours ago from now.
It'd be a shame to have to close my account and devnull this email address, as I really love these forums and the great users herein.
Regards.
Update 1: It's certainly not a dictionary attack that I can see, as I haven't received any others of this nature to my catchall mailbox.
If it's any help at all, the headers show this as the sender host;
Received: from WWW-9763E06E580.net (unknown [110.103.67.128])
(very likely unrelated to any alleged compromise attempts, if indeed a compromise even occured).
I have seen this reported a couple times before but no resolution as I recall. I have passed this on to one of the admins, hopefully he can take a look and let us know if this is a problem to be concerned about.
I'm not aware of any compromise of the database. What I can say is that we treat our members data with the utmost respect and this would certainly be a concern of ours, but I don't see any evidence of any kind of intrusion like that.
bitpushr said:
I'm not aware of any compromise of the database. What I can say is that we treat our members data with the utmost respect and this would certainly be a concern of ours, but I don't see any evidence of any kind of intrusion like that.
Click to expand...
Click to collapse
Thank you for checking that sir. I believe that in the other threads, it was suggested that someone might have posted their email and a screen-scraper harvested it, or perhaps their email was grabbed some other way, but nothing definitive ever came of it.
bitpushr said:
I'm not aware of any compromise of the database. What I can say is that we treat our members data with the utmost respect and this would certainly be a concern of ours, but I don't see any evidence of any kind of intrusion like that.
Click to expand...
Click to collapse
Thanks for that, and I respect that data is treated with complete secrecy. I've not used this address or posted it anywhere else. It's used solely to login with, so i'm still a bit confused. I'll leave it for now, as it's only one example.
Regards.
Hi,
I'm in the exact same case, I use per site email on my domain , no dictionary attacks too (I got catchall so I see them) and same mail received
Same mail same kind of sender:
Thu, 16 Aug 2012 08:22:23 +0200 (CEST)
Received: from WWW-9763E06E580.org (unknown [110.103.67.40])
I can assure that this email is not used in any screen-shot or anything else than logging here.
This is quite annoying and since I don't use the same header as the other one (me it's [email protected]) it really seems that the mails data are compromised.
Regards,
Tolriq.
As above, exactly the same spam email, although the email address I used to sign up here is more complex than just [email protected]
I'll keep the email around, in case anyone wants to follow up on it.
Could this perhaps be the result of the new theme showing user email addresses on member pages (Eg. somewhere on http://forum.xda-developers.com/member.php?u=3492510)? Even if it's corrected now, if it did at any point, spammers may have scraped the member list during that time.
I've also just gotten an email directed at my one-time use address used for registering at XDA. Something's up, check your logs you've been compromised. I highly recommend a notice and forced password reset.
Return-path: <[email protected]>
Envelope-to: xda@MYDOMAIN.COM
Received: from [110.103.66.127] (port=57501 helo=WWW-9763E06E580.org)
by [REDACTED] with esmtp (Exim 4.63)
(envelope-from <[email protected]>)
id 1T6h7P-000354-NH
for xda@MYDOMAIN.COM; Wed, 29 Aug 2012 08:11:36 -0400
From: "Diablo III" <[email protected]>
To: <xda@MYDOMAIN.COM>
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-Spam-Level: *****
X-Spam-Report: score=5.0 tests=CMAE_1, SHORTCIRCUIT version=3.3.1 cmae=v=1.1
cv=02sxpKrcaeIklPG9ikjtw9+Ix2dV+yAR3ckHHBRjlIA= c=0 sm=0 p=eKWGPzfAF9w9RlBXnosA:9
a=rfP7uN3eH0UA:10 a=SpdMY5nFWogA:10 a=IkcTkHD0fZMA:10 a=L-ISu7bKYZgA:10
a=jWLQlvoj7db9vSsTWhEWiQ==:17 a=blzCNhbTAAAA:8 a=3J15CkO5AAAA:8
a=xrJga5KMAAAA:8 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117
X-Spam-Score: 5
Subject: [EN]Diablo III Account Locked - Action Required
I'll add a +1 to this (got phish with subject "[EN]Diablo III Account Locked - Action Required" trying to get me to visit a url on host us.diablo.net.zh-fot.in) . The unique address I used to register here in early 2008, while not super cryptic, is not as simple as [email protected] and likely would not be the left-hand part of anyone else's email addr, so likely would not have been derived from the phisher mixing-and-matching from different lists. It appears that they've successfully harvested xda member email addresses.
I can confirm that I've just got the phishing e-mail mentioned by other users here, on an e-mail account created and given exclusively to xda forum.
Code:
Received: from WWW-9763E06E580.org (unknown [110.103.67.201])
From: "Diablo III" <[email protected]>
To: <sax_[B][COLOR="Red"]xda-developers[/COLOR][/B]@xxxxxxxxxx.xxx>
Subject: [EN]Diablo III Account Locked - Action Required
Now I am in the process of making the current e-mail invalid and I creating a new unique one.
We will see how it goes...
I can confirm this. I use [email protected] and haven't had any unusual mail to any other address on my domain.
SMTP From: [email protected]
---
Message-ID: <[email protected]>
From: "Diablo III" <[email protected]>
To: <[email protected][Redacted]>
Subject: [EN]Diablo III Account Locked - Action Required
Date: Wed, 29 Aug 2012 17:00:34 +0800
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
[Base64 Message Body Redacted]
+1 for me
Mail address used here is site specific, never used for anything else, cannot be dictionary generated.
We have received several reports from users receiving spam and/or phishing emails to email accounts which were unique to their profile on our community. We feel that there are enough of these to indicate that at some point in the past there was some sort of information disclosure which exposed these email accounts. We are not aware of any particular information disclosure or what exact information may have been exposed.
That being said, we take our community members' information security seriously and continuously review our code and configurations for security vulnerabilities. We do, however, run 3rd party forum software and plugins which occasionally have public security vulnerabilities. We apply all patches as soon as they are available to ensure the security of our data and therefore of our community. Even so, there is always the chance that someone is using an unpublished security vulnerability to try to attack our forum and gain personal information.
Our forum, as with many others running similar software, is a target for hackers attempting to harvest personal data (email addresses, passwords, etc). We highly recommend that you use a unique password for each website you are signed up with, and change that password on a regular basis. For services that support two-factor authentication, enable this option for even more security and peace of mind.
If anyone has information relating to any sort of information disclosure or compromise, we encourage them to report them to the technical contact at http://www.xda-developers.com/contact/#technical
Thank you and as always, questions and comments are welcome.
I posted in the other thread about this but figured I'd chime in here as well. I also use my own [email protected] address just for this site. I've never posted the address publicly and I always make up new passwords for each site. Those are at minimum 8 random characters/numbers/symbols.
In the other thread it was proposed that an admin/moderators system may of been compromised and a screen scraper had seen our emails. I find this pretty unlikely since my last post before the ones about this was in March. Are you sure all the moderators/admins can be trusted not to of sold our information themselves?
I think enough people have reported this problem that you should acknowledge it on the homepage and ask if people receiving these emails can post back so you can get a real idea of how many peoples accounts have been compromised.
Until you have found the source of the leak what is the point of changing our emails/passwords, they could just pull the new info again, besides, it's a PIA to keep changing my email address. Is anything being done about this or are you just waiting for some good willed hacker to email you at the address you posted?
Tann San,
I have a zero-tolerance policy about spam and getting the information I trust to a site, leaked all over the place,
but the only reason I've posted about it, is to confirm that indeed happened, after seeing bitpushr's post,
so the sysadmin(s) can look into it.
After said that, please keep in mind that even if they find out what caused the leak this time and patch it,
that doesn't mean that it won't happen again in the future. So the least we (the members) can do,
is to follow svetius advice and keep different passwords for each service we subscribe to and different e-mail accounts
whenever possible, although most of the disposable e-mail services, sadly are banned in this site -- obviously to fight spam accounts.
I hope that this can answer your question about why to change email/passwords this time (and every time after that).
I understand your frustration, it is indeed PITA, but one can hope that whatever backdoor was open to our data, it is closed for now...
You misunderstood me, I do use different email addresses for all my logins, that's the benefit of having my own email server. I also use different random passwords for each account. What I meant was that it's a annoying to change my email address here more than once since the leak hasn't been identified. For example, I can change it right now to another one but then whoever got our addresses already could go back and get my new email address, so then I have to change it again.
I don't really use my account here very often but I do read the RSS feeds/articles every day. I'm just saying that it seems a bit irresponsible to not let people know that their email accounts and who knows what other information has been stolen. That is also part of the reason I asked what was being done about this besides waiting for whoever it was to tell them how they did it.
Unfortunately "hoping" that the leak has been sealed is not a solution.
I wrote the screen scraper suggestion, and that's a pretty unlikely scenario since those are usually used against high value targets for banking info/logins. Most harvesters use the outlook address book or mine the browser cache of victim machines. The most likely explanation is that this was a sql injection attack on the forum software and probably took place "many moons" ago.
Ditto
Not sure if you want more confirmation, but I too have received Diablo III related fishing messages - to an address specific to this board.
My best bet is that someone sold a list of email address on...
Not a big issue for me as I'll just change my email address if the messages gets too much. Going to change my password just in case, but I haven't noticed anything strange.
Good luck!
Rinkink said:
Not sure if you want more confirmation, but I too have received Diablo III related fishing messages - to an address specific to this board.
My best bet is that someone sold a list of email address on...
Not a big issue for me as I'll just change my email address if the messages gets too much. Going to change my password just in case, but I haven't noticed anything strange.
Good luck!
Click to expand...
Click to collapse
XDA will never, ever ever ever sell E-mail adreses!
Sent from my MB525 using xda app-developers app
Rinkink said:
Not sure if you want more confirmation, but I too have received Diablo III related fishing messages - to an address specific to this board.
My best bet is that someone sold a list of email address on...
Not a big issue for me as I'll just change my email address if the messages gets too much. Going to change my password just in case, but I haven't noticed anything strange.
Good luck!
Click to expand...
Click to collapse
We have looked for any suspicious activity carried out by authorised users, and have found nothing so far.
I'm currently working backwards through years of vBulletin emails to see if there's anything from the past that could be an issue.
Your actual password isn't stored on, or transmitted to, XDA. It's stored in a hashed and salted form, which is more than can be said for many high profile sites unfortunately that were in the news recently...
Still, we'll not be happy until we can work out what's happened, no matter how long ago or recently it may have been.
I guess "Off topic" is the right place for this.
Just got two emails from some unknown sender with the following message;
Greetings"
I hope this message meets you in good state of health? My name is [ Mrs Monalisa Cebile Nelson ], I'm young and adventurous woman, searching for a dependable and positive minded person. Actually I found your e-mail address from [ http://forum.xda-developers.com ] and specifically contact you for assistance in foreign partnership based on agreement for mutual benefit, also will very much acknowledge your immediate response please. I hope we can have a positive correspondence and also we can work collectively? Anyway I will intimate you more on that as soon as we get in contact. Please if you are interested do not hesitate to get back to me via [ [email protected] ] for more details and my pictures. Best regards with expectation to hear from you soon.
Mrs Lisa Nelson...
Any idea on this?
SKJoy2001 said:
I guess "Off topic" is the right place for this.
Just got two emails from some unknown sender with the following message;
Greetings"
I hope this message meets you in good state of health? My name is [ Mrs Monalisa Cebile Nelson ], I'm young and adventurous woman, searching for a dependable and positive minded person. Actually I found your e-mail address from [ http://forum.xda-developers.com ] and specifically contact you for assistance in foreign partnership based on agreement for mutual benefit, also will very much acknowledge your immediate response please. I hope we can have a positive correspondence and also we can work collectively? Anyway I will intimate you more on that as soon as we get in contact. Please if you are interested do not hesitate to get back to me via [ [email protected] ] for more details and my pictures. Best regards with expectation to hear from you soon.
Mrs Lisa Nelson...
Any idea on this?
Click to expand...
Click to collapse
The site isn't compromised - you've configured your profile to show this information publicly.
Your account settings are making a lot of contact information available - check out your profile page at http://forum.xda-developers.com/member.php?u=2123239 and go to contact info - there's a few email addresses showing up there. Your yahoo and own-domain emails are both appearing there - you may wish to not publicise such information on the site.
pulser_g2 said:
The site isn't compromised - you've configured your profile to show this information publicly.
Your account settings are making a lot of contact information available - check out your profile page at http://forum.xda-developers.com/member.php?u=2123239 and go to contact info - there's a few email addresses showing up there. Your yahoo and own-domain emails are both appearing there - you may wish to not publicise such information on the site.
Click to expand...
Click to collapse
It is good to learn that nothing bad had happened. I knew my email address is exposed, but it was a little strange someone might care to copy it from here and include in a mailing list in a random basis and it would take a lot of hard work to check and copy for all members here! Feeling special lol
SKJoy2001 said:
It is good to learn that nothing bad had happened. I knew my email address is exposed, but it was a little strange someone might care to copy it from here and include in a mailing list in a random basis and it would take a lot of hard work to check and copy for all members here! Feeling special lol
Click to expand...
Click to collapse
It will be a crawler - like search engines crawl pages for search terms, some crawlers trawl the entire internet for email addresses to spam. Unfortunate that it happens, but so is the internet these days... That's just ordinary spam, nothing more, nothing less.