All I heard was “I’m an idiot and so is my company”

I’m going to start by saying that I’m an American Express customer, I have been for a long time and I’m very happy with the service that I’ve been provided by the company.

From my twitter friends I saw this:

RT @SeanTAllen: wow. just wow. RT @newsycombinator: AmEx: “We discourage the use of special characters because…”

Holy fuck.  That is just so full of dumb.  There’s a whole swimming pool of dumb right there.  Now, I can’t tell if the person responding is dumb, the company is dumb for giving them the form letter – so I’m going to presume it’s the latter.

Here’s a clue American Express.  Don’t be fucking idiots.  You do or say anything stupid about security and people will notice and call you out.  Now is a good time for you to sort your shit, issue a public apology, retract the stupid email and also fix your retarded website.

That is all.


My own number

Thanks to Ed Felton, I now own my own number.
82 73 4E AC 37 7D 43 11 CA CA A7 5D 49 F8 F8 1C
Should anybody use this to encrypt or decrypt things, or as a seed, or even if the data you create produces this as a hash, I’ll be forced to sue you. The DMCA will help me.
As a result of this, BouncyCastle will prevent you from ever using this as a key to protect BC users from my lawsuits. (*)
Thanks Ed
(*) Humour.

BouncyCastle release 1.32 now available

The latest relase of BC is now ready after a couple of false starts in the beta process.
Thanks always to our tireless reporters of issues, one day maybe all vendors will create certificates in the same way.
New features in this release include support for elliptic curves over F2m, suport for ECDSA with CMS and S/MIME, and support for a wider range of PSS signature types in CRL and certificate verification. In addition further work has been done on improving path validation compliance with RFC 3280, OpenPGP text signatures now work correctly in environments with ‘\r’ as a line separator, a typo in the header for OpenPGP clear text SHA256 signatures has been fixed, several encoding compatability issue with the streaming CMS and S/MIME APIs have been fixed and it should now be possible to stop the S/MIME parsers from leaving temporary files around in all operating system environments.
As usual, the latest releases can be found at :
And for those who like living on the bleeding edge, the betas can be downloaded from:

Bouncy Castle Crypto Provider Package Version 1.28 now available

This release adds support for the GOST suite of cryptography algorithms, ISO 7816-4 padding, and the Whirlpool message digest. In addition several bugs and compliance issues have been fixed which affect the CMS, S/MIME, and CertPath implementations, as well as the procesing of extensions on CRL entries. A bug which caused the file processing methods in PGPUtil to fail to close files after they were no longer needed has also been fixed.
More release note information and the latest releases can be found at;