- allow owners of used cell phones to break access controls on their phones in order to switch wireless carriers.
- allow people to break technical protections on video games to investigate or correct security flaws.
- allow college professors, film students, documentary filmmakers and producers of noncommercial videos to break copy-protection measures on DVDs so they can embed clips for educational purposes, criticism or commentary.
- allow computer owners to bypass the need for external security devices called dongles if the dongle no longer works and cannot be replaced.
- allow blind people to break locks on electronic books so that they can use them with read-aloud software and similar aides.

Treating poker clients as "video games" is probably stretching the letter of the law, but I think it maintains the spirit.

Any chance the reverse engineering discussion policies can be loosened slightly?

That's an interesting news ...


Here I'm not so sure. I read this change as that you can RE such software for the purpose of discoveiring and fixing security flaws. It would be quite brave to assume that anyone here would do this for this purpose (Although I won't exclude it, as we had guys here working for anti-virus companies).

I would rather leave this rule active for now.

FTP had a serious security issue which I noticed a few weeks ago. My bot is packet based, but I have to split the packets into FTP messages myself. There is a mix of fixed length and variable length messages in the FTP protocol. I log any packets that are unusual or fail to process so I can fix any bugs in my packet handler. I noticed I was getting packets with extra information appended to them. this information included player handle, email address, full name and address, etc. The FTP server was reusing packet buffers without clearing them. Account detail packets from people were being reused for specific table info packets which were then sent to other people. I *think* only tournament players were exposed to this security breach but I can't be sure.

I gave FTP packet logs of the bug and it was silently fixed (no client update) on or about May 13th. So that probably explains the email incidents. Not sure how many people out there would've noticed this, I thought it was pretty obscure and hoped nobody else knew.